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Network  director  wins  funding  for  major  upgrade 
of  San  Francisco  campus  network.  Now  his  team 
faces  tough  design  issues  and  tight  deadlines. 

The  network  at  the  University  of  California,  San 

Francisco,  is  sprawling, aging, complex, hard  to  manage 
and  expensive  to  operate.  Or  as  Chancellor  J.  Michael 
Bishop  puts  it,“UCSF  is  a  first-rate  medical  institution 
with  a  third-rate  network.” 

In  this  four-part  series,  Jeffrey  Fritz,  UCSFs  director  of 
Enterprise  Network  Services  (ENS)  and  a  Network  World 
Global  Test  Alliance  member,  writes  about  his  experience 
guiding  a  multi-million-dollar  network  upgrade  from 
conception  to  go-live. 

In  this  first  part,  Fritz  wins  funding  for  the  project  and  comes 
face  to  face  with  several  prickly  network  design  issues  as  he 
prepares  to  seek  bids. 
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Big  bang  to  jolt 
Microsoft  users 


■  BY  JOHN  FONTANA 

Microsoft  might  be  hyping  its  next-generation 
Longhorn  software  as  a  “big  bang”  event,  but  the 
company  is  being  quiet  about  the  fact  that  the 
products  will  require  corporate  customers  to  per¬ 
form  multiple,  carefully  planned  upgrades  remi¬ 
niscent  of  the  difficult  migration  from  Windows 
NT  to  2000. 

The  Longhorn  lineup  also  will  wreak  havoc  with 
the  hardware  and  software  plans  of  corporate  exec¬ 
utives,  especially  those  now  running  Windows  2000 
Server,  which  could  reach  its  early  2007  end-of-sup- 
port  life  cycle  before  the  Longhorn  server  is 
released. 

Longhorn  is  an  umbrella  term  that  Microsoft  uses 


to  define  its  collection  of  infrastructure  software.  It’s 
the  first  step  toward  integrating  all  that  software 
around  .Net  and  Web  services  and  requires  over¬ 
hauling  the  client  and  server  operating  systems, 
Office  and  everything  that  runs  on  top. The  integra¬ 
tion  effort  to  create  a“software  stack” aligns  with  sim¬ 
ilar  efforts  by  competitors  such  as  IBM  with  Web¬ 
Sphere  and  Sun  with  Project  Orion. 

“All  the  desktop  products  will  have  Longhorn  de¬ 
pendencies,”  says  Peter  Pawlak,  an  analyst  with 
Directions  of  Microsoft,  an  independent  research 
firm.  It’s  akin  to  the  Active  Directory  upgrade, “Micro¬ 
soft  didn’t  think  it  would  be  smooth  and  it  wasn’t. 
With  Longhorn,  it  is  going  to  be  one  of  those  un¬ 
avoidable  things.  It  will  make  people  stop,  but  to 

See  Longhorn,  page  16 


NetWare  at  a  crossroads 

Novell's  Linux  push  amplifies  doubts  about  the  future  of  classic  NOS. 


it  NetWare  is  not  going 
away,  period.  M 

Jack  Messman,  CEO,  Novell 


■  BY  DENI  CONNOR 

Every  time  Novell  walks  a  few 
steps  deeper  into  the  Linux  arena, 
someone  suggests  the  company 
is  running  away  from  its  NetWare 
base. 

The  dynamic  was  on  display 
last  week  at  LinuxWorld  after 
Novell  announced  a  series  of  ini¬ 
tiatives,  including  the  porting  of  its 
GroupWise  collaboration  product 
to  Linux  and  the  acquisition  of 
desktop  software  vendor  Ximian. 
The  ink  wasn’t  dry  on  those  press 
releases  before  Novell  executives 
—  who  reportedly  have  had 
heated  debates  about  NetWare’s 
future  —  were  busy  denying 
news  reports  that  the  end  of  the 


operating  system  was  imminent. 

“NetWare  is  not  going  away, 
period,” says  CEO  Jack  Messman. 
“Novell  is  not  dropping  NetWare; 
we’re  adding  Linux.  As  we  stated 
in  April  and  again  at  LinuxWorld, 
we  will  make  Novell’s  services 
available  both  on  a  NetWare  ker¬ 
nel  and  a  Linux  kernel  going 


forward.” 

Novell  this  week  is  expected  to 
begin  shipping  NetWare  6.5,  and 
company  officials  insist  develop¬ 
ment  is  underway  on  a  subse¬ 
quent  version. 

However,  such  statements  are 
unlikely  to  end  speculation  about 

See  NetWare,  page  14 
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and  we’ve  got  an  inside  look.  In  the  first  of  a  four-part  series, 
Jeff  Fritz,  director  of  Enterprise  Network  Services  at  UCSF  and 
a  Network  World  Global  Test  Alliance  member,  describes  what 
needs  to  be  done  and  how  he  plans  to  get  there.  Page  40. 
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Cool  Tools 

Toshiba  launches  wireless  network  camera 
Senior  Reviews  Editor  Keith  Shaw  says  anyone  who  buys  the  IK-WBIIa 
Wi-Fi  net  camera  will  get  a  free  dynamic  DNS  and  a  unique  URL  for  each 
of  their  cameras. 

DocFinder:  7133 

Wireless  apps  getting  sophisticated 

E-mail  and  calendaring  are  still  the  most  common  wireless  apps,  but 
more-sophisticated  vertical  applications  are  quickly  coming  online,  Senior 
Editor  John  Cox  writes. 
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Compendium 

Spam  out  his  ears 

Think  you've  got  it  bad?  Fusion  Executive  Editor  Adam  Gaffin 
alerts  you  to  one  unlucky  soul  whose  spam  is  spiking  on  an 
exponential  curve.  DocFinder:  7134 

Wireless  Wizards 

Preventing  802.11  interference 
The  Wizards  explain  how  802.11  (b  and  g  at  2.4  GHz)  man¬ 
ages  interferences  from  other  technologies  such  as 
Bluetooth  and  microwave  ovens.  DocFinder:  7135 


Telework  Beat 


Seminars  and  events 

_ _ _ _ , _ _ _ _ _ 

The  New  Data  Center  Powering  the  Enterprise 

The  data  center  is  the  driving  force  of  the  enterprise,  rising  to  take  con¬ 
trol  through  consolidation  and  virtualization,  automation  and  efficiency.  If 
your  data  center  isn’t  fully  metered,  accountable  and  effective,  don't  miss 
this  Network  World  Technology  Tour  event.  The  event  is  free  to  qualified 
professionals. 
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Good  times  for  virtual  call  centers 
Net.Worker  Managing  Editor  Toni  Kistner  says  firms  such  as 
Willow  CSN  and  Alpine  Access  are  winning  big  clients  and 
expanding  business.  DocFinder  7138 

Small  Business  Tech 

Five  steps  to  a  cleaner  mailbox 
Columnist  James  Gaskin  offers  the  dos  and  don’ts  of  con¬ 
trolling  junk  e-mail.  DocFinder  7136 
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SEC  approves  MCI  settlement 

■  MCI  last  week  won  approval  from  the  court  overseeing  its 
bankruptcy  case  for  its  settlement  with  the  U.S.  Securities  and 
Exchange  Commission,  the  company  said. The  U.S.  Bankruptcy 
Court  for  the  Southern  District  of  New  York  approved  the  set¬ 
tlement,  under  which  victims  of  MCl’s  fraud  are  to  receive  $500 
million  in  cash  and  $250  million  in  shares.  The  ruling  resolves 
all  claims  by  the  SEC  against  MCI  —  still  legally  called 
WorldCom  —  for  its  past  accounting  practices,  the  company 
said.  Shareholders,  bondholders  and  other  victims  will  get  the 
settlement  proceeds  when  MCI  emerges  from  Chapter  1 1  bank¬ 
ruptcy  protection,  the  Ashburn,Va.,  telecom  company  said. 

Governor  orders  voting-machine  probe 

■  Maryland  Gov.  Robert  Ehrlich  last  week  ordered  an  independent  review  by 
Science  Applications  International  Corp.,into  the  electronic  voting  machines  made 
by  Diebold  Electronic  Systems.  The  call  follows  public  accusations  from  Johns 
Hopkins  University  researchers  two  weeks  ago  that  software  code  believed  to  be 
used  in  the  AccuVote-TS  touch-screen  voting  machines  was  flawed  to  the  point  that 
a  single  voter  could  trick  it  with  multiple  ballots.  Johns  Hopkins  researchers  said  the 
software  had  been  posted  to  the  Internet  by  an  activist.  Diebold  says  the  software  in 
question  —  which  Johns  Hopkins  said  is  based  on  Windows  proprietary  code,  work¬ 
ing  with  a  smart  card  —  is  outdated  and  was  never  used  in  an  election.  Maryland  has 
made  a  $55.6  million  investment  for  11,000  Diebold  voting  machines  and  has  5,000 
of  the  machines  already  in  use.  Most  of  the  other  machines  are  to  be  in  place  before 
the  presidential  primary  next  March. 

Survey  finds  preference  for  DSL 

■  Slightly  more  than  half  of  dial-up  Internet  access  users  would  upgrade  to  DSL  ser¬ 
vice  rather  than  cable  modem  service  if  both  were  available  in  their  area, according 
to  a  survey  of  7,700  consumers  issued  last  week  by  J.D.  Power  and  Associates. 
Although  there  are  many  more  cable  modem  users  than  DSL  users  today,  only  38% 
of  dial-up  users  said  they  would  upgrade  to  cable  modem  service  rather  than  DSL 
if  both  options  were  available  to  them.  Of  all  Internet  access  services,  dial-up  con¬ 
nectivity  still  dominates,  with  about  74%  of  consumers  connecting  that  way.  About 
17%  use  cable  modem  and  9%  using  DSL. 

Microsoft  faces  hefty  fine  in  Europe 

■  The  European  Commission  could  fine  Microsoft  up  to  10%  of  its  global  annual  sales 
for  monopoly  offenses,  the  commission  said  last  week.  Microsoft  is  still  committing  the 
monopoly  abuses  it  was  first  accused  of  in  1998,  the  EC  said  in  a  preliminary  ruling  in 


Making  a  monkey  out  of  you 
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Farmer  with  a  Dell? 

About  half  of  the  2  million  farms 
in  the  U.S.  are  Internet-enabled 
nearly  triple  the  figure  from  1997, 
according  to  a  Department  of 
Agriculture  survey.  Let’s  hope  they 
aren't  letting  their  pigs  online  (they 
can  be  real  bandwidth  hogs).  > 


y  Cell  hell  .  Roughly  one  in  11  cellular  calls  suffers  from  static  or  other  interference, 
according  to  a  survey  of  16,800  wireless  users  by  J.D.  Power  &  Associates.  The 
study  also  showed  that  the  likelihood  of  customers  switching  carriers  increases 
proportionally  as  the  number  of  network-quality  problems  rises. 


m  Shunning  Sprint  The  General  Services  Administration  has  warned  Sprint 
that  the  agency  has  been  urged  by  its  inspector  general  to  bypass  the  carrier  for 
new  contracts  because  Sprint  overcharged  the  U.S.  Department  of  Justice  by  more 
than  $2  million  from  2000  to  2002  (an  error  Sprint  blamed  on  a  billing  problem). 
The  GSA  recently  took  similar  action  against  MCI. 


its  long-running  antitrust  case  against  the  company.  The  commission  has  sent  an 
updated  statement  of  objections  to  Microsoft,  reiterating  previous  accusations  that  it 
has  leveraged  its  dominance  in  the  market  for  computer  operating  systems  into  the 
markets  for  server  systems  and  media-player  software.  The  latest  statement  also  out¬ 
lines  remedies  the  commission  wants  to  impose  on  Microsoft  to  ensure  that  competi¬ 
tion  in  these  markets  is  freed  up.  Microsoft  is  studying  the  new  statement,  a  spokesman 
said.The  fact  that  the  commission  believes  the  monopoly  abuse  is  still  ongoing  makes 
a  large  fine  likely.  Under  European  Union  law  the  gravity  of  an  antitrust  offense  is 
determined  in  part  by  how  long  it  lasts.  However,  it  has  never  fined  a  company  the 
maximum  10%  of  sales. 

IEEE  boosts  high-speed  wireless  streaming 

■  Small-business  and  home  users  seeking  to  connect  bandwidth-hungry  audio  and 
visual  devices  will  appreciate  a  new  IEEE  standard  for  streaming  multimedia  data 
over  high-speed  wireless  networks. The  new  802.15.3  standard  for  high-rate  wireless 
personal-area  networks  (WPANs)  lets  these  networks  link  as  many  as  245  wireless 
fixed  and  portable  devices  at  data  rates  up  to  55M  bit/sec  and  at  distances  from  a 
few  centimeters  to  100  meters. 

The  standard,  which  substantially  increases  the  initial  1M  bit/sec  speed  of  WPANs, 
comes  in  response  to  strong  demand  from  users,  the  IEEE  says.  The  standard  also 
addresses  user  priorities  such  as  network  economy,  frequency  performance,  power 
consumption  and  data-rate  scalability. 
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Start-up  aims  to  clean  up  data  centers 


*  *  The  only  way  to  cut  the  budget  down  is 
by  making  the  network  more  intelligent  ** 


■  BY  DENI  CONNOR 

Entrepreneur  Cheng  Wu  is  tak¬ 
ing  lessons  learned  about  Web 
content  delivery  at  his  last  start¬ 
up  and  applying  them  at  his  new 
venture  to  improve  data-center 
information  management. 

Wu,  who  founded  content 
switch-maker  Arrowpoint  and 
sold  it  to  Cisco  for  $5.7  billion  in 
2000,  is  now  chairman  and  co¬ 
founder  of  Acopia  Networks. 
Acopia,  which  takes  its  name 
from  a  Spanish  word  meaning  “to 
gather  together,”  is  building 
switches  that  connect  application 
and  file  servers  with  storage 
arrays  to  provision  and  dynami¬ 
cally  allocate  resources  based  on 
policies  an  IT  manager  puts  in 
place. 

Wu  says  the  new  company, 
which  is  funded  with  $40  million 
from  Charles  River  Ventures,  Star 
Ventures,  St.  Paul  Venture  Capital, 
Accel  Partners  and  his  own 
money  will  attempt  to  address  the 
shortcomings  of  existing  data¬ 
center  architectures. 

“In  a  data  center  as  much  as 
80%  to  85%  of  the  budget  is  spent 
in  enterprise  applications,  servers 
and  storage,  where  those  re¬ 
sources  become  increasingly  net¬ 
work-attached,’  ’Wu  says.  “The  only 
way  to  cut  the  budget  down  is  by 
making  the  network  more  intelli- 


Cheng  Wu 

Chairman  and  co-founder, 

Acopia  Networks 

gent.  We  set  out  to  do  a  network 
device  that  can  switch  and  serve 
file  traffic  at  the  same  speed  as  a 
network  switch  can  switch  pack¬ 
ets.  That  can  only  be  done  by  vir¬ 
tualizing  the  network  resources.” 

The  company’s  first  product,  the 
ARX6000,  connects  to  a  network 
switch  such  as  a  Cisco  Catalyst 
6000.  The  device  gathers  files 
from  heterogeneous  storage 
arrays  and  file  servers  into  a  virtu¬ 
alized  data  pool  so  the  files  can 
be  managed  more  easily. 
Applications  such  as  volume 
management,  replication  or  life- 
cycle  management  can  be 
loaded  on  the  switch. 

Joe  Fuccillo,  senior  vice  presi¬ 
dent  and  CTO  for  a  business-con¬ 
tinuity  services  company  in  the 
Northeast  that  has  been  beta-test¬ 
ing  the  switch,  says  it  could 
change  the  way  his  company 
does  business. 

“We  are  looking  at  the  switch  to 
cut  back  on  software  purchases,” 
he  says. “[If  you  can  run  applica¬ 
tions  on  the  switch],  you  don’t 


need  advanced  copy,  migration 
and  replication  licenses  for  a  lot 
of  the  vendors’  hardware,  which 
can  be  very  expensive.  With  it  we 
can  have  different  classes  of  stor¬ 
age  and  move  data  around  based 
on  policies.” 

Fuccillo  also  is  looking  forward 


to  smaller  switches  Acopia  has 
on  tap. 

“Acopia  will  have  a  pizza-sized 
box,”  he  says.  “We  are  going  to 
have  a  service  for  the  [small  and 
mid-size  business]  market  and 
drop  it  in  customer  locations, 
which  will  then  replicate  data 
back  to  our  data  centers  for  dis¬ 
aster-recovery  purposes.” 

Several  companies,  including 
Cisco  and  Brocade,  are  vetting 
Fibre  Channel  switches  that  virtu¬ 
alize  storage  and  run  applications 
such  as  data  migration  and  repli¬ 
cation  for  storage-area  network 
(SAN)  data.  The  products  are 


scheduled  for  release  beginning 
this  fall.  Other  companies, such  as 
NuView,Z-force  and  Rainfinityare 
aggregating  network-attached 
storage  (NAS)  data  and  are  cur¬ 
rently  shipping  products. 

The  ARX6000,  unlike  intelligent 
Fibre  Channel  switches  promised 
from  Cisco,  Brocade,  Sanera,  SAN- 
dial  and  Maranti  Networks,  will 
attach  to  NAS  and  file  servers  with 
direct-attached  storage  and  virtu¬ 
alize  the  files  residing  on  them. 

Acopia  is  providing  few  spe¬ 
cifics  on  pricing,  but  says  a  mid¬ 
size  switch  will  probably  cost 
around  $100,000.  ■ 


Pooling  resources 


Acopia’s  ARX6000  switch  sits  in  a  data  center  between  network  and 
Fibre  Channel  switches,  letting  companies  pool  file-based  data  residing 
in  SANs,  NAS  and  other  storage  systems.  Companies  then  can  better 
manage  that  data  using  provisioning  or  other  applications  that  reside 
on  the  Acopia  device. 


Application 
b]  servers 


Network  switch 


1G  bit/sec  or  100M 
bit/sec  Ethernet 


Fibre  Channel 
switch 

ZZ^i 


Application 

servers 


Aruba  boosts  wireless  LAN  management 


■  BY  JOHN  COX 

Aruba  Wireless  Networks  this 
week  plans  to  unveil  software 
designed  to  give  its  switch  cus¬ 
tomers  more  control  over  wire¬ 
less  LANs. 

The  software  lets  compa¬ 
nies  manage  hundreds  of 
access  points  linked  to  an 
Aruba  5000  switch,  a  wiring- 
closet  device  that  plugs  into 
corporate  networks. 

The  initial  switch  release  in 
April  carried  software  for 
securing  WLANs  and  for  doing 
some  device  configuration  and 
radio  frequency  monitoring. 

Johnson  &  Wales  University, 
which  is  based  in  Providence.R.I., 
and  has  four  other  campuses 
across  the  country  is  using  the 
new  software  programs  to  set  up 
and  mai  lage  WLANs  at  three  of  its 
campuses,  including  the  largest 
one,  in  Denver.  The  school  has 


installed  a  mix  of  50  Aruba  access 
points  and  air  monitors  (which 
are  simplified  access  points  for 
scanning  radio  waves),  and  on 
each  campus  an  Aruba  switch. 

Joshua  Wright,  the  school’s 


Aruba's  5000  switch  later  this  month 
will  support  advanced  WLAN  traffic 
analysis  and  problem  detection. 

senior  network  and  security 
architect,  used  Aruba’s  new  RF 
Plan  application  with  an  Auto¬ 
CAD  file  of  the  Denver  campus 
floor  plans.  With  the  programs,  he 
created  a  map  of  where  the 
Aruba  radios  should  be  set  up 
and  what  their  initial  configura¬ 


tions  should  be,  such  as  channel 
selection  and  radio  power  level. 
All  this  data  resides  in  an  Aruba 
5000  switch  in  Providence. 

In  Denver,  a  local  cabling  con¬ 
tractor  used  the  software’s  print¬ 
out  to  install  the  Aruba 
access  points,  which  Wright 
says  then  contacted  the 
Providence  switch,  down¬ 
loaded  the  configuration 
data  and  began  broadcast¬ 
ing  as  part  of  the  Denver 
WLAN. 

RF  Plan  is  only  part  of  the 
new  software  package. 

RF  Director  is  the  core  manage¬ 
ment  application,  which  now  will 
ship  as  a  standard  package  on  the 
Aruba  5000.  The  software  creates 
a  GUI  through  which  administra¬ 
tors  can  get  an  overview  of  the 
WLAN.“1  can  see  things  like  the 
number  of  users  associated  with 
an  access  point,  the  number  of 
authenticated  users  who  are  not 


associated,  and  load  and  utiliza¬ 
tion  patterns,”Wright  says. 

RF  Director  also  is  the  umbrella 
application  under  which  run 
additional  management  applica¬ 
tions  from  Aruba  and  third-party 
vendors.  Later  this  month,  Aruba 
will  release  a  plug-in  for  Wild- 
Packets’  AiroPeek  NX,  which  is  a 
program  for  doing  advanced 
WLAN  traffic  analysis,  problem 
detection  and  diagnosis. 

Aruba  also  has  two  companion 
applications:  RF  Lock  and  RF 
Analyze. 

RF  Lock  loads  on  the  Aruba 
switch,  with  agents  running  on 
the  Aruba  air  monitors,  which 
then  scan  the  2.4-  and  5-GHz 
bands.  The  software  identifies 
known  radios  and  alerts  admin¬ 
istrators  to  unknown  radio  sig¬ 
nals.  If  a  probe  detects  unautho¬ 
rized  access  points  or  users,  it 
automatically  can  take  certain 
steps  to  isolate  them. 


RF  Analyze  collects  from  access 
points  and  clients  a  range  of  sta¬ 
tistical  data,  such  as  frame  errors, 
bandwidth  rates,  packet  counts 
and  media-access-control  errors. 
The  software  graphs  the  data  and 
sets  up  thresholds  to  trigger  alerts 
to  administrators. 

RF  Plan  costs  $2,000,  RF  Lock 
costs  $10,000,  and  RF  Analyze  is 
priced  at  $3,000.B 
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Navy  unifies  its  monitoring  networks 


■  BY  ELLEN  MESSMER 

The  U.S.  Navy  has  put  its  Naval 
Network  Warfare  Command  in 
charge  of  monitoring  the  Navy’s 
hundreds  of  different  networks 
used  by  more  than  400,000  per¬ 
sonnel  around  the  world  in  order 
to  detect  security  violations. 

Based  in  Norfolk,  Va.,  the  Net- 
warcom  command  group  was 
established  by  the  Navy  just  over 
a  year  ago  to  coordinate  its  IT 
operations  and  to  support  the 
concept  of  one  naval  network, 
with  Vice  Admiral  Dick  Mayo  as 
commander. 

In  its  new  role  of  monitoring 
Navy  networks  for  security  pur¬ 
poses,  Netwarcom  is  installing 
monitoring  equipment  from 
Security  that  attaches  to  switches 
at  the  edge  or  inside  hundreds  of 
Navy  networks.  This  will  involve 
hundreds  of  separate  Navy  net¬ 
works,  including  those  at  the 
Naval  Supply  Command,  the  fast¬ 
growing  Navy  Marine  Corps 
Intranet  (NMCI),  legacy  networks 
being  phased  out  in  favor  of 


NMCI,  and  the  terrestrial  and 
satellite-based  network  known  as 
Information  Technology  21  to 
reach  ships  at  sea. 

By  inspecting  traffic  using  the 
Securify  sensors,  Netwarcom  will 
be  able  to  determine  that  only 
authorized  personnel  are  using 
restricted  services,  that  appropri¬ 
ate  authentication  and  encryp¬ 
tion  is  in  place,  and  that  equip¬ 
ment  such  as  firewalls  is  properly 
configured. 

“One  of  the  serious  challenges 
faced  by  the  NMCI  is  the  legacy 
networks,  which  have  serious 
security  problems,”  says  Navy 
Captain  Chris  Christopher,  deputy 
director  for  future  operations, 
communications  and  business 
initiatives  for  the  Navy  Marine 
Corps  Intranet.  While  not  detail¬ 
ing  those  problems,  he  noted  that 
they  can  be  as  simple  as  bi-direc¬ 
tional  FTP  or  other  services  set  up 
by  default,  creating  security  risks. 

Before  Netwarcom  took  on  the 
watchdog  role  for  the  Navy’s  net¬ 
work  security  the  responsibility 
for  monitoring  fell  to  local  Navy 


Service  time 

About  100,000  service 
personnel  use  the  Navy 
Marine  Corps  intranet 
today.  About 

360,000 

will  use  it  in  the  next 
few  years. 


facilities.  The  centralized  ap¬ 
proach  should  help  the  Navy 
tighten  security  particularly  with 
older  legacy  networks,  Christ¬ 
opher  says. 

Netwarcom’s  new  approach 
through  monitoring  “is  also  going 
to  help  us  understand  what  we 
should  allow  and  what  we  should 
filter  out  from  our  network,”  he 
says.  NMCI  —  which  is  managed 
by  EDS  —  will  be  the  main  net¬ 
work  for  day-to-day  operations  in 
the  Navy  as  older  legacy  LANs 
and  applications  are  phased  out. 


“We’ll  know  what  we  should  be 
quarantining  in  old  networks  as 
we  bring  applications  onto  this 
network.” 

The  Securify  equipment  allows 
for  policy  data  to  be  entered  at  a 
Securify  SecurVantage  Studio 
console.  This  would  be  done  by 
Netwarcom  with  cooperation 
from  local  Navy  facilities.  Policies 
can  be  distributed  to  the  switch- 
attached  sensors,  called  Securify 
Monitors,  to  be  installed  and 
maintained  locally.  EDS  will  be 
doing  that  for  NMCI.The  Monitors 
report  in  real  time  on  traffic 
behavior  to  a  third  piece  of 
equipment,  called  the  Enterprise 
Monitor. 

Through  these  sensors  and 
monitors,  Netwarcom  can  ana¬ 
lyze  the  traffic  at  hundreds  of 
naval  locations  and  let  manage¬ 
ment  staff  at  these  sites  know  if 
there’s  a  need  to  take  a  different 
course  to  reduce  risk. 

Securify ’s  sensors  look  at  appli¬ 
cation  and  network  traffic  to 
spot  whether  VLANs  are  set  up 
appropriately  for  secure  com¬ 


munities  of  interest  in  the  Navy, 
make  sure  written  security  poli¬ 
cies  are  really  being  implement¬ 
ed,  and  check  whether  public- 
key  certificates  are  being  used 
for  all  Navy  Web  servers,  as 
they’re  supposed  to  be,  says  Carl 
Wright,  vice  president  of  federal 
operations  at  Securify. 

As  the  Navy  gets  underway 
with  its  effort  to  get  shipshape  on 
security  monitoring,  it  has  no 
immediate  plans  to  coordinate 
security  monitoring  with  the 
Army,  Air  Force  or  other  parts  of 
the  U.S.  Department  of  Defense, 
sources  say 

However,  the  Defense  Infor¬ 
mation  Services  Agency,  which 
oversees  some  IT  and  telecom 
services  for  Defense  Department 
agencies,  has  purchased  Securify 
gear,  using  it  in  the  Middle  East  for 
the  Iraqi  war  effort. 

The  Air  Force  and  Army  also  are 
looking  at  the  security-monitor¬ 
ing  equipment,  and  the  potential 
for  coordinated  security  policy 
across  the  services  is  there, 
according  to  Securify  ■ 


SBC  turns  up  the  heat  in  hot-spot  competition 

The  carrier  becomes  the  latest  RBOC  to  plan  a  Wi-Fi  service  rollout 


RB0G  plans 

SBC  has  the  most  aggressive  plan  to  date  among  the  Bells 
for  rolling  out  Wi-Fi-based  services. 


RBOC 

Wi-Fi  plan 

BellSouth 

Offers  a  home  network  service  that  uses  Wi-Fi;  has 
not  announced  a  hot-spot  coverage  plan. 

SBC 

Under  FreedomLink,  the  carrier  intends  to  roll  out  20,000 
hot  spots  at  6,000  locations  over  the  next  three  years. 

Qwest 

Has  not  divulged  a  Wi-Fi  plan,  though  observers  say 
the  company  might  resell  Sprint  PCS's  Wi-Fi  service. 

Verizon 

Says  it  will  turn  up  1,000  Wi-Fi  hot  spots  in  Manhattan 
by  the  end  of  the  year. 

■  BY  JIM  DUFFY 

SBC  last  week  outlined  plans 
for  an  extensive  Wi-Fi  hot-spot 
rollout,  the  latest  in  a  series  of 
moves  by  the  regional  Bell  oper¬ 
ating  companies  to  exploit  the 
wireless  technology  to  give 
remote  users  or  frequent  busi¬ 
ness  travelers  high-speed  access 
to  corporate  data. 

The  carrier  also  said  it  is  creat¬ 
ing  an  integrated  Wi-Fi  and  3G 
wireless  service  to  deliver  broad¬ 
band  wireless  offerings  to  home, 
business  and  remote  users. 

As  part  of  the  new  Wi-Fi  service, 
to  be  called  FreedomLink,  SBC 
plans  to  deploy  more  than  1,000 
Wi-Fi  hot  spots  in  several  hundred 
venues  in  its  13-state  region  by 
year-end,  and  says  it  will  have 
more  than  9,000  hot  spots  in 
2,000  venues  by  year-end  2004 
and  more  than  20,000  hot  spots  in 
6,000  venues  by  2006.The  compa¬ 
ny  will  continue  to  deploy  hot 
spots  in  hotels,  airports,  conven¬ 
tion  centers  and  other  venues 
after  2006. 

The  integrated  Wi-Fi/3G  service 
is  expected  to  be  available  in  late 
2004  or  early  2005. 


SBC  did  not  disclose  its  invest¬ 
ment  in  this  effort.  It  said  expens¬ 
es  would  be  minimal,  however, 
because  it  is  utilizing  existing  net¬ 
work  assets. 

In  addition  to  establishing  hot 
spots  at  primary  venues,  SBC  said 
it  also  plans  to  provide  a  turnkey 
product  that  lets  small  businesses 
become  a  hot  spot  to  differentiate 
themselves  in  the  marketplace. 
The  businesses  then  would  offer 
Wi-Fi  access  to  their  customers, 
similar  to  what  Starbucks  and 


McDonald’s  are  already  doing 
through  other  service  providers. 

Wi-Fi  refers  to  any  wireless  LAN 
product  that’s  based  on  the  IEEE 
802. 1 1  WLAN  standard  with  theo¬ 
retical  data  rates  ranging  from 
1 1M  to  54M  bit/sec. 

To  augment  its  Wi-Fi  plan,  SBC 
has  reached  a  roaming  agree¬ 
ment  with  Wayport,  a  leading  Wi¬ 
Fi  service  provider.  The  agree¬ 
ment  will  give  SBC  customers 
access  to  Wayport  services  in 
more  than  650  locations  nation¬ 


wide,  including  565  hotels,  eight 
airports  and  75  restaurants. 

To  give  subscribers  access  to 
more  hot  spots,  SBC  says  it  also 
will  pursue  roaming  agreements 
with  other  Wi-Fi  service  providers. 

Wayport  is  becoming  the  Wi-Fi 
roaming  partner  of  choice  for  the 
RBOCs. Verizon  Wireless  last  week 
said  it  is  teaming  with  Wayport  to 
offer  customers  up  to  650  Wi-Fi 
access  points  at  hotels,  conven¬ 
tion  centers  and  airports  across 
the  U.S. 

For  its  effort,  SBC  plans  to  use  its 
public  telephone  infrastructure  to 
establish  access  points  and  use 
SBC  DSL  or  T-l  service  to  trans¬ 
port  data  from  the  access  point  to 
the  network. 

SBC  will  use  its  relationship 
with  wireless  operator  Cingular  to 
bring  an  integrated  Wi-Fi/3G  ser¬ 
vice  to  market.The  service  will  let 
subscribers  move  between  their 
home  or  office  SBC  broadband 
service,  SBC  FreedomLink  Wi-Fi 
hot  spots  and  Cingular’s  network, 
the  carrier  says. 

SBC  and  Cingular  currently  are 
working  on  a  way  to  allow  roam¬ 
ing  between  home  and  office 
LANs,  Wi-Fi  hot  spots  and  the 


Cingular  network.  This  would  let 
subscribers  receive  broadband 
Internet  access  regardless  of 
where  they  are,  SBC  says. 

Pricing  for  FreedomLink  will  be 
announced  when  the  service 
becomes  available. 

Senior  Editors  John  Cox  and 
Denise  Pappalardo  contributed  to 
this  story. 
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■  THIS  WEEK'S  QUESTION: 

A  modem  based  on  V.92 
runs  at  up  to  56K  bit/sec 
downstream.  What  can 
it  run  up  to  upstream? 

*  i 
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LinuxWorld  bustles  despite  SCO  flap 

IBM  files  counterclaim  accusing  SCO  of  patent  infringement 


■  BY  JENNIFER  MEARS 

Any  suspicions  that  The  SCO 
Group’s  legal  battle  over  Linux 
would  put  a  damper  on  corpo¬ 
rate  adoption  of  the  open  source 
operating  system  were  pretty  well 
laid  to  rest  last  week  at  a  bustling 
LinuxWorld  show  featuring  major 
systems  vendors  touting  their  lat¬ 
est  Linux  wares. 

Analysts  attending  the  event 
say  the  show  floor  was  as  crowd¬ 
ed  as  ever  and  the  focus  was 
increasingly  on  Linux’s  role  in 
corporate  data  centers. 

“If  there  was  a  theme,  it  was 
likely  that  it’s  time  to  take  Linux 
in  the  enterprise  seriously.  A  sub¬ 
theme  was  that  enterprise  Linux 
isn’t  just  about  lower  acquisition 
costs  or  [total  cost  of  owner¬ 
ship]  anymore  —  it’s  also  about 


performance,  reliability,  stability, 
and  real  business  benefits  and 
ROL’says  Michael  Dortch,  princi¬ 
pal  analyst  at  the  Robert  Frances 
Group.  “Curiously  no  one  with 
whom  1  spoke  with  at  the  show 
even  mentioned  the  SCO  law¬ 
suit,  and  no  one  seemed  to  care 
when  the  subject  was  placed 
before  them.” 

Not  that  the  issue  was  com¬ 
pletely  ignored.  Red  Hat  and  IBM 
both  filed  legal  actions  against 
SCO  last  week  as  the  Linux 
community  stepped  up  its 
defense  against  SCO’s  claims.  The 
filings  came  as  SCO  unveiled 
pricing  for  its  UnixWare  licenses, 
which  it  says  will  protect  Linux 
users  from  copyright  infringe- 
ment.The  license  starts  at  $699  for 
a  single-CPU  system. 

The  ever-widening  legal  scuffle 


began  in  March  when  SCO  filed 
a  $1  billion  lawsuit  against  IBM 
alleging  that  the  company  had 
incorporated  purloined  Unix 
code  into  Linux.  SCO  later 
amended  that  action, upping  the 
amount  of  damages  it  was  seek¬ 
ing  to  more  than  $3  billion.  The 
company  also  said  it  was  termi¬ 
nating  IBM’s  Unix  license  and 
sought  compensation  from 
IBM’s  A1X  business.  AIX  is  IBM’s 
version  of  Unix. 

On  Wednesday,  IBM  filed  a 
counterclaim  in  U.S.  District  Court 
in  Salt  Lake  City  stating  that  SCO 
is  in  violation  of  the  General 
Public  License  (GPL),  which  gov¬ 
erns  how  open  source  software 
must  be  shared.  In  the  action,  IBM 
also  accuses  SCO  of  infringing  on 
four  IBM  patents  and  says  SCO 
improperly  claimed  the  right  to 


HP  upgrades  blade  lineup 


■  BY  JENNIFER  MEARS 

HP  has  upgraded  its  line  of  blade  servers  with 
faster  Intel  processors  and  rolled  out  a  new  24-port 
Gigabit  Ethernet  switch  that  the  com¬ 
pany  says  is  designed  to  let  users 
more  easily  incorporate  blades  in 
networked  environments. 

Among  the  upgrades  is  a  new  low- 
power-consuming  blade  that  em¬ 
ploys  Intel’s  Pentium  M  processor,  a 
low-power,  high-performance  chip 
originally  designed  for  notebook 
computers.  The  ProLiant  BLIOe 
blade  server  is  built  on  a  1-GHz  Ultra 
Low  Voltage  Pentium  M  processor 
and  includes  a  lM-byte  Level  2 
cache  and  a  400-MHz  front  side  bus. 

Pricing  starts  at  less  than  $1,800. 

The  HP  ProLiant  BL20p  server  has 
been  upgraded  with  two  3.06-GHz 
Xeon  DP  processors,  1  M-byte  Level  3 
cache  and  a  533-MHz  front  side  bus. 

Pricing  starts  at  about  $5,500, and  the 
blade  with  a  Fibre  Channel  card  for 
SAN  connectivity  starts  at  $6,500. 

The  four-processor  BL40p  blade, 
meanwhile,  now  comes  with  either 
2.8-GHz  Xeon  MP  processors  and  a 
2M-byte  Level  3  cache  or  2.(KjHz 
Xeon  MPs  and  a  1  M-byte  Level  3 
cache  Pricing  for  the  2.0GHz  blade  starts  at  just 
more  than  $8,000,  while  the  2.8-GHz  blade  starts  at 
a  little  more  than  $17,000. 

HP  also  announced  that  its  ProLiant  BL  GbE2  In¬ 
terconnect  Switch  has  been  upgraded  with  a  new 
24-port  Gigabit  switch  module  Nortel  designed.The 
switch,  which  also  supports  Fibre  Channel,  comes 
after  HP  first  announced  SAN  connectivity  for  its 


blades  in  January  Pricing  for  the  switch  will  be 
announced  next  month. 

Looking  forward,  HP  plans  to  enhance  connectiv¬ 
ity  among  the  blades  and  will  support  Layer  3-Layer 
7  switching,  as  well  as  10  Gigabit 
Ethernet,  says  James  Mouton, 
vice  president  of  industry-stan¬ 
dard  server  platforms  at  HP“We’ll 
be  looking  at  more  sophistica¬ 
tion  around  virtual  LAN  capabili¬ 
ties  and  controls  where  you  can 
move  a  server  in  or  out  of  a  given 
pool  of  servers,”  he  says. 

One  user  says  the  continued 
enhancements  to  HP’s  blade 
lineup  let  him  make  broader 
use  of  blade  systems  within  his 
data  center. 

“We’ve  standardized  on  blades 
and  we  intend  to  buy  nothing 
else,"  says  Eric  French,  network 
manager  at  the  Greater  Balti¬ 
more  Medical  Center,  which 
recently  scrapped  three  full 
racks  of  servers  for  one  rack  of 
30  HP  ProLiant  BL20p  blade 
servers.  “Two  things  made  that 
possible:  one  is  the  2p  blades 
are  Fibre  Channel  attachable 
now  so  we  can  attach  them  to  the 
SAN,  and  the  40p  gives  us  the 
capability  to  have  quad  processors.” 

RLX  Technologies  and  Engenera  were  the  first  to 
market  with  blade  servers,  but  last  year  major  ven¬ 
dors  such  as  IBM,  Dell  and  HP  unveiled  their  own 
blade  products.  Sun  introduced  its  first  blade  serv¬ 
er  earlier  this  year.  HP’s  announcement  shows  that 
blades  are  “starting  to  mature  and  go  mainstream," 
says  llluminata  analyst  Gordon  Haff.  ■ 


HP  has  boosted  the  performance 
of  its  blade  server  line,  includ¬ 
ing  the  BL20p,  which  now  is 
powered  by  two  3.06-  GHz  Xeon 
processors. 


revoke  its  AIX  license. 

Supporting  the  latter  claim  are 
two  letters  from  Novell  CEO  Jack 
Messman,  which  sold  the  Unix 
System  V  code  to  SCO  in  1995. 
The  letters  say  that  SCO  does  not 
have  the  right  to  terminate  the 
IBM  license. 

Earlier  in  the  week,  Red  Hat 
filed  a  complaint  against  SCO  in 
federal  court  in  Wilmington,  Del., 
to  “hold  SCO  accountable  for  its 
unfair  and  deceptive  actions." 

Red  Hat  held  a  press  confer¬ 
ence  on  the  opening  day  of 
LinuxWorld  to  announce  the  fil¬ 
ing.  At  the  same  time,  Red  Hat 
launched  the  Open  Source  Now 
Fund,  which  it  says  was  created 
to  help  defray  legal  expenses 
associated  with  defending 
infringement  claims  SCO  has  lev¬ 
eled.  Red  Hat  pledged  $1  million 
to  the  effort. 

In  response  to  the  week’s  activ¬ 
ity  SCO  reiterated  its  claims  and 
said  it  would  continue  to  defend 
its  intellectual  property  rights. 

“As  the  stakes  continue  to  rise  in 
the  Linux  battles,  it  becomes  in¬ 
creasingly  clear  that  the  core  issue 
is  bigger  than  SCO,  Red  Hat  or 
even  IBM. The  core  issue  is  about 
the  value  of  intellectual  property 
in  an  Internet  age,”  SCO  said  in  a 
statement.  “If  IBM  were  serious 
about  addressing  the  real  prob¬ 
lems  with  Linux,  it  would  offer  full 
customer  indemnification  and 
move  away  from  the  GPL.” 

Despite  the  increasingly  heated 
battle  with  SCO,  LinuxWorld  atten¬ 
dees  said  the  issue  did  little  to  dif¬ 
fuse  the  focus  on  corporate 
deployments  of  Linux. 

“Looking  at  the  products  and 
technology  on  display  this  year,  1 
am  struck  by  the  attention  being 
given  by  exhibitors  and  atten¬ 
dees  to  management,  security 
and  clustering  products  as  ven¬ 
dors  attempt  to  deliver  solutions 
that  will  let  Linux  servers  — 
today  generally  concentrated  in 
the  one-  to  four-CPU  range  — 
address  very  large  computing 
problems,”  says  Richard  Fichera, 
Giga  Research  Fellow  at  For¬ 
rester  Research. 

IBM  and  SuSE  Linux,  for  exam¬ 
ple,  announced  that  SuSE’s  Enter¬ 
prise  8  Linux  software  had 
achieved  an  international  secur¬ 
ity  accreditation,  making  it  secure 
enough  even  for  national  defense 
IT  systems  (see  story  page  18). 
Dell,  meanwhile,  announced  it 
would  ship  its  low-end  Rower- 


March  to  Lin 


Last  week's  LinuxWorld 
reinforced  the  operating 
system’s  growth  into  data 
centers.  A  recent 
Forrester  Research  study 
that  queried  50  IT  execu¬ 
tives  at  companies  with  at 
least  SI  billion  in  revenue 
reflects  that  trend: 

“Are  you  planning  to 
increase  your  Linux  usage 
in  the  next  two  years?” 

Don’t  know  6% 


No,  usage 
decreases  2% 

No,  usage 

stays  flat 

w 


Yes  72% 


Edge  servers  with  Red  Hat  Enter¬ 
prise  Linux  ES. 

As  expected,  Veritas  introduced 

clustering  tools  for  IBM  DB2, 

MySQL  and  Oracle  databases  that 

it  says  will  increase  recovery  and 

availability  of  those  applications 

running  on  Linux.  Veritas  also 

announced  that  its  Foundation 
% 

Suite  storage  software  is  now 
available  for  users  mnning  Linux 
on  IBM  mainframes.  And  HP  and 
IBM  both  announced  Linux- 
based  clustering  products  and 
said  their  network  management 
software  products  are  now  more 
Linux-friendly. 

Other  news  at  the  show 
included: 

•  Novell’s  acquisition  of  Ximian, 
which  makes  management  and 
desktop  software  for  Linux. 

•  Sun’s  demonstration  of  its 
open  source  desktop  for  Linux, 
code-named  Mad  Hatter. 

•  An  announcement  from  BEA 
Systems,  Dell,  EMC,  HP  Network 
Appliance,  Novell,  SuSE,  Unisys, 
Veritas  and  VMware  that  they 
have  teamed  to  give  support  to 
corporate  Linux  users  as  part  of 
the  Technical  Support  Alliance 
Network.  ■ 
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THAT  ANTI-VIRUS  AND 
FIREWALLS  AREN'T  ENOUGH. 
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Dynamic  Threat  Protection.  The  most  complete  protection  available. 

Most  large-scale  Internet  attacks  completely  bypass  firewalls  and  anti-virus.  We  stop  these 
threats  cold.  How?  Simple.  We  are  #1  in  the  world  for  security  intelligence  and  threat  protection 
technology.  We  deliver  the  fastest,  most  accurate  detection,  prevention  and  response  solution. 
We  call  it  Dynamic  Threat  Protection.  Visit  us  at  www.iss.net/iss-nww  or  call  800-776-2362. 
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NetWare 

continued  from  page  1 

a  product  that  has  seen  market 
share  plummet  in  recent  years 
along  with  Novell’s  overall  for¬ 
tunes.  This  turmoil  only  rein¬ 
forces  the  notion  that  NetWare’s 
still  sizable  installed  base  is  at  a 
crossroads.  The  options  for  cus¬ 
tomers  are  clear:  Stay  the  course 
with  an  operating  system  that 
might  not  be  supported  far  into 
the  future;  wait  and  see  if  the 
company’s  promises  to  move 
NetWare  services  to  Linux  pan 
out;  or  make  the  leap  and 
migrate  all  their  services  to 
Windows. 

Sources  say  Novell’s  manage¬ 
ment  was  sharply  divided  this 
spring  over  the  decision  to  keep 
developing  on  the  NetWare  ker¬ 
nel  while  migrating  its  services  to 
Linux  or  to  announce  an  end-of- 
life  schedule  for  the  once-domi- 
nant  network  operating  system. 

“Novell  was  almost  ready  to 
announce  an  end-of-life  for  Net¬ 
Ware  and  say  it  was  serious 
about  Linux  by  killing  NetWare,” 
says  a  former  employee  who 
took  part  in  the  discussions  and 
asked  that  he  not  be  named. 

The  parallel  development  ap¬ 
proach  won  out. 

However,  some  observers  con¬ 
tinue  to  doubt  that  Novell  will 
release  another  version  of 
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The  company’s  fortunes  have  been 
up  and  down  over  the  years. 
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its  operating  system  after  Net¬ 
Ware  6.5. 

“When  push  comes  to  shove  it’s 
going  to  be  all  Linux  because  it’s 
just  too  expensive  to  maintain 
two  engineering,  test  and  support 
groups,”  the  source  says. 

Novell’s  focus  was  certainly  on 
Linux  last  week  with  the  Ximian 
acquisition  and  news  that  its 
GroupWise  collaboration  plat¬ 
form  would  be  ported  to  Linux, 
with  a  beta  test  slated  for 
next  month. 

Many  Novell  products  already 
run  on  Linux,  including  eDirec- 
tory,  ZENworks,  iFolder  and  its 
Volera  Excelerator  caching  soft- 
ware.The  company  recently  said 
that  Nterprise  Linux  Services  — 


software  that  gives  customers 
file,  print,  messaging,  directory 
and  management  services  and 
runs  on  Red  Hat  and  SuSE  Linux 
—  will  be  available  by  year-end. 
NetWare  6.5  also  includes  sup¬ 
port  for  the  Apache  Web  server, 
MySQL  open  source  database 
and  PHP  the  Web  scripting 
language. 

But  Novell  still  relies  on  the 
sale  of  NetWare  product  licenses 
for  about  30%  of  its  revenue,  and 
isn’t  sure  that  the  potential  for 
Linux  revenue  is  comparable. 
Red  Hat,  which  dominates  the 
Linux  market,  reports  overall  rev¬ 
enue  is  that  only  about  one-quar¬ 
ter  of  the  $361  million  Novell 
generated  last  year  from 


Proficient  device  aims 
to  pick  best  VPN  route 


■  BY  TIM  GREENE 

Proficient  Networks  is  introducing  a  low-cost  appli¬ 
ance  that  is  designed  to  let  customers  direct  VPN 
traffic  to  the  best  Internet  connection  at  sites  with 
more  than  one  Internet  link. 

The  box, called  NPE210A,is  a  scaled-down  version 
of  Proficient’s  NPE510A  device,  and  is  priced  to 
attract  customers  that  have  site-to-site  VPNs  whose 
performance  they  want  to  improve.  Picking  the  best 
route  for  VPN  traffic  requires  a  Proficient  device  at 
each  site,  making  it  important  to  keep  down  the 
price  of  outfitting  each  office.  Previously,  customers 
had  to  use  the  NPE510A,  which  cost  $30,000,  but 
they  now  can  buy  an  NPE210A  for  $9,000. 

Proficient's  appliances  fall  into  the  class  of 
route-control  equipment  that  plugs  into  corpo¬ 
rate  LANs  and  monitors  performance  on  Internet 
access  lines  to  determine  which  link  is  giving  the 
best  performance.  Then,  based  on  policies  that 
take  into  account  the  performance  of  the  Internet 
connections  and  the  price  of  the  connections, 
the  devices  can  divert  traffic  to  one  Internet  con¬ 
nection  or  another. 

For  instance,  if  the  latency  on  two  links  is  within 


50  millisec,  the  NPE  could  be  set  to  pick  the  less- 
expensive  link.  But  if  the  latency  difference  is  more 
than  50  millisec,  the  NPE  could  pick  the  faster, 
regardless  of  cost. 

Other  vendors  in  this  area  include  Sockeye  and 
netVmg.  NetVmg  makes  the  FCP  50R  for  small 
offices  that  monitors  traffic  to  50  destinations  and 
costs  $12,000. 

To  optimize  the  performance  of  site-to-site  VPNs 
where  each  site  has  more  than  one  Internet  con¬ 
nection,  both  ends  of  the  connections  have  to  be 
tended  by  a  routecontrol  device.  Because  most 
VPNs  are  between  smaller  branch  offices  and  larger 
headquarters,  equipment  for  smaller  offices  don’t 
need  to  have  as  much  capacity  as  equipment  for 
larger  headquarters. 

NPE210A  tracks  performance  for  up  to  100  desti¬ 
nations,  which  Proficient  says  should  be  enough  for 
a  branch  office.  NPE510A  supports  up  to  5,000 
destinations. 

The  entire  NPE  line  has  been  certified  by  Check 
Fbint  to  integrate  with  its  VPN-l/Firewall-1  software. 
This  certification  means  the  NPE  equipment  can  be 
monitored  and  managed  from  Check  Fbint’s  man¬ 
agement  platform.  ■ 


NetWare  alone. 

NetWare  customers  generally 
express  a  mixture  of  content¬ 
ment  and  caution  when  dis¬ 
cussing  the  product. 

“Yes,  we’re  happy  with  Novell 
and  have  no  plans  to  get  rid  of 
[our  NetWare  servers]  for  now,” 
says  Jim  Mapes,  a  network  ad¬ 
ministrator  with  Knape  &  Vogt,  a 
specialty  drawer  manufacturer  in 
Grand  Rapids,  Mich.  “I  wouldn’t 
go  so  far  though  as  to  say  we’ll 
keep  them  as  long  as  Novell  is 
around.” 

Knape  &  Vogt  uses  NetWare  for 
file  and  print,  and  Windows  for 
e-mail,  databases,  Web  and  finan¬ 
cial  applications. 

“At  this  point  we  are  going  to 
continue  to  use  NetWare,”  says 
Scott  Ficek,  director  of  IT  for 
Mesaba  Airlines,  a  regional  air¬ 
line  in  Minneapolis.  Ficek  has  25 
NetWare  servers. 

Most  users  say  that  if  Novell 
were  to  end  NetWare  they  would 
pay  for  a  migration  to  Linux  or 
Windows. 

“We  would  be  willing  to  pay  for 
the  [NetWare]  services  that 
would  be  ported  to  Linux,  espe¬ 
cially  the  NetWare  kernel,”  says 
Jeff  Johnson,  systems  software 
engineer  for  Georgia  State  Uni¬ 
versity  in  Atlanta.  Johnson  has  92 
NetWare  6  and  5.1  servers. 

Otis  Lamar,  systems  administra¬ 
tor  for  the  Jefferson  County  gov¬ 
ernment  in  Golden,  Colo., says, “If 
Novell  services  will  run  on  Linux, 
we  will  look  at  migrating  to  Linux 
in  the  future  and  would  be  will¬ 
ing  to  pay  for  it.”  He  already  is 
looking  at  Linux  as  an  alternative 
to  Windows. 

“We  do  not  expect  Novell  to 
give  away  the  services  for  free, 
since  we  already  pay  for  them  on 
other  platforms,”  Lamar  says. 

Another  problem  for  Novell  is 
that  NetWare’s  dwindling  market 
share  hurts  its  ability  to  attract 
application  developers.  Linux  is 
the  fastest-growing  operating  sys- 
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tern,  according  to  1DC,  having 
shown  41%  growth  from  late 
2001  to  the  fourth  quarter  of 
2002.  NetWare  commanded  al¬ 
most  40%  of  the  network  operat¬ 
ing  system  market  during  its  hey¬ 
day  in  the  early  ‘90s,  but  has  only 
in  the  neighborhood  of  10% 
today  While  Novell  counters  such 
doom  and  gloom  by  noting  that 
there  are  4  million  NetWare 
servers  installed  serving  90  mil¬ 
lion  users,  the  perception  persists 
that  developers  are  indifferent. 

“We  are  under  increasing  pres¬ 
sure  to  drop  NetWare  in  favor  of 
Windows  servers  due  to  an  in¬ 
creasing  trend  among  vendors  to 
stop  writing  software  for  Net¬ 
Ware,”  says  Jeff  Durfee,  IT  manag¬ 
er  for  Milton  J.  Wood  Co.  in 
Jacksonville,  Fla. 

Novell’s  prospects  for  reversing 
that  trend  are  cloudy,  experts  say. 

“When  1  talk  to  the  software  and 
hardware  community  support  for 
NetWare  is  in  line  after  Windows 
and  Linux”  says  John  Enck, 
research  director  for  Gartner.  “So 
when  they  write  management 
agents  and  device  drivers, 
NetWare  support  isn’t  off  the  spec, 
but  it’s  pretty  far  down  the  list.” 

However,  another  industry  ob¬ 
server  sees  hope  in  Novell’s  new 
strategies. 
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“I’m  not  completely  sure  No¬ 
vell  is  going  to  remain  irrele¬ 
vant,”  says  A1  Gillen,  research 
director  for  lDC.“The  company’s 
Nterprise  Linux  Services  initia¬ 
tive  raises  some  interesting  pos¬ 
sibilities  for  them.  Most  impor¬ 
tantly,  it  gives  them  an  applica¬ 
tion  server  platform." 

“It  also  makes  more  sense  to 
the  hardware  vendors  because 
they  are  looking  to  sell  more 
Linux  as  well,”  Enck  says.  “If  you 
look  at  the  deployment  of  Linux 
in  the  enterprise,  it’s  still  the  early 
days,  so  there’s  still  opportunity 
for  Novell  to  make  a  play  there. 
Novell  has  a  shot  at  it,  but  it 
would  have  been  better  two 
years  ago.”  ■ 
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3Com  CEO  bullish  on  being  Cisco  alternative 


■  BY  PHIL  HOCHMUTH 

3Com  CEO  Bruce  Claflin  says  there  is  a 
void  in  the  market  for  enterprise  network 
infrastructure  —  an  absence  of  an  alterna¬ 
tive  to  Cisco.  And  he  intends  to  fill  the  gap. 

To  do  this,3Com  is  plotting  a  road  map  of 
new  products  and  technologies  —  securi¬ 
ty  WAN  routing,  10  Gigabit  Ethernet  and  IP 
storage  —  that  it  will  roll  out  over  the  next 
six  to  12  months,  along  with  software  and 
tools  to  make  it  all  work  together. 

In  a  market  where  Cisco  dominates  every 
major  subcategory,  from  basic  LAN/WAN 
gear  to  wireless,  security  and  voice  over  IP 
shooting  for  second  place  won’t  be  seen  as 
a  lack  of  ambition.  But  industry  watchers 
say  3Com,  along  with  its  joint-venture  part¬ 
ner  Huawei  Technologies,  will  face  chal¬ 
lenges  in  a  crowded  field. 

The  joint  venture  with  Huawei  is  one  of 
the  key  elements  of  3Com’s  enterprise 
comeback  bid,  after  the  company  stopped 
making  high-end  network  gear  in  2000 
because  of  low  profit  margins.The  Huawei 
partnership  —  announced  in  March  and 
due  to  be  complete  in  October  —  already 
has  yielded  its  first  product  with  3Com’s 
Switch  7700,  a  box  competing  with  Cisco 
Catalyst  4000  series. 

Claflin  says  3Com  will  continue  to  launch 
products  over  the  next  year  that  will  go  up 
against  Cisco’s  core  Catalyst  6500  box  and 
Cisco’s  WAN  access  routing  products,  such 
as  its  2600-series  routers. 

He  also  is  bullish  about  Huawei’s  Versatile 
Routing  Platform  (VRP),a  competing  soft¬ 
ware  product  —  Cisco  and  others  call  it  a 
clone  —  to  Cisco’s  Internetwork  Operating 
System  (10S). 

Claflin  adds  that  plans  are  in  the  works  to 
incorporate  VRP  into  existing  3Com  prod¬ 
ucts,  as  well  as  future  3Com/Huawei  gear. 

VRP  is  the  focus  of  a  suit  Cisco  filed 
against  Huawei  in  February  for  what  it 
claims  were  copyright  and  intellectual 
property  infringements.  Use  of  code  from 
Cisco’s  IOS  in  Huawei’s  VRP  software  was 
among  the  charges.  (Last  month,  when  a 
critical  flaw  in  IOS  was  found,  several 
security  firms  warned  that  VRP-based 
Huawei  routers  might  be  susceptible  to 
the  same  bug.)  In  its  suit,  Cisco  sought  to 
have  Huawei  products  barred  from  sale  in 
the  U.S.,  but  such  an  injunction  was  not 
granted.  Huawei  removed  the  disputed 
code  from  its  software,  but  the  case  is 
ongoing. 

Claflin  says  VRP  violates  no  intellectual 
property  rights  and  that  the  joint  venture 
will  push  forward  with  product  integra¬ 
tion.  He  adds  that  other  3Com  intellectual 
property,  such  as  IP  voice  and  its 
Extendable  Resilient  Networking  —  a 
high-speed  switch  interconnect  and  fail¬ 
over  technology  —  also  will  be  fitted  into 
Huawei-based  gear  sold  by  the  joint  ven¬ 
ture.  Joint  research-and-development 
efforts  also  are  underway  between  the 
partners  to  develop  gear  that  can  handle 
storage  traffic, such  as  iSCSI,  as  well  as  10G 


Ethernet  technology  for  connecting  high- 
end  switches. 

It  is  with  such  joint  R&D  endeavors 
that  Claflin  says  3Com  can  leapfrog 
competitors. 

Another  advantage,  Claflin  says,  is  Hua¬ 
wei’s  China-based  engineering  team  costs 
a  fraction  of  what  a  U.S.  company  might 
pay  its  own  R&D  group.  This  results  in 
more  engineers  working  on  projects  at  a 
lower  cost  than  competitors,  he  says.  This 
also  allows  switches  and  routers  produced 
by  the  joint  venture  to  be  brought  to  mar- 


3Com  s  enterprise  push 

With  designs  on  being  the  top 
alternative  to  Cisco  for  large 
enterprise  LAN  infrastructure 
and  VoIP  gear,  3Com  is  already  in 
a  good  position. 
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ket  more  quickly,  with  the  finished  prod¬ 
ucts  being  more  robust  and  reliable. 

“[Huawei]  can  change  the  rules  of  the 
game,”  he  says. “They  have  a  cost  structure 
that’s  fundamentally  different  than  Western 
companies.” 

Citing  a  research  report  from  Merrill 
Lynch,  Claflin  says  there  is  no  single  sup¬ 
plier  in  the  minds  of  enterprise  customers 
that  is  a  product-for-product  alternative 
to  Cisco. 

“I  view  that  as  a  positive,” he  says“because 
of  all  my  competitors  none  has  a  clear 
advantage  over  us.  But  we’ve  still  got  a  lot  of 
work  to  do.” 

Industry  watchers  are  skeptical,  putting 
emphasis  on  the  work  the  company  needs 
to  do  to  achieve  its  goals. 

“They’ll  have  good  opportunities  outside 
North  America,”  says  Lawrence  Orans,  prin¬ 
cipal  analyst  with  Gartner.  “But  here  in 


North  America,  there’s  still  a  bad  taste  in 
the  mouth  of  ex-3Com  customers  regard¬ 
ing  the  way  they  exited  the  [enterprise] 
business”  in  2000.“They’re  going  to  have  to 


prove  themselves  in  places  like  the  Asia- 
Pacific  region  and  offer  some  jaw-dropping 
prices  before  making  a  big  comeback 
here.”  ■ 
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News 


HP,  IBM 
and  Sun 
back 
Tripwire 

■  BY  ELLEN  MESSMER 


Security  vendor  Tripwire  is 
spearheading  an  effort  to  devel¬ 
op  an  Internet-based  database 
where  companies  could  store  in¬ 
formation  that  would  help  them 
check  for  unauthorized  file 
changes. 

HR  IBM  and  Sun  last  week 
voiced  support  for  the  nascent 
standards  effort,  the  so-called  file- 
signature  database,  not  expected 
to  be  completed  until  next  year. 
As  planned,  the  file-signature 
standards  database,  named  Trip¬ 
wire  for  Servers,  could  hold 
unique  “fingerprints”  of  millions 
of  files  from  many  companies 
and  likely  be  based  on  estab¬ 
lished  standards  such  as  Simple 
Object  Access  Protocol  and  XML 
standards. 

A  fingerprint  is  a  digital  hash  of 
a  file  or  operating  system  that  pro¬ 
vides  a  unique  mathematical  rep¬ 
resentation.  If  a  file  is  changed,  its 
fingeqrrint  will  look  different.Trip- 
wire  products  check  for  file  in¬ 
tegrity  by  comparing  old  and 
new  file  fingerprints. 

In  a  joint  commercial  venture, 
HP,  IBM  and  Sun  are  working  with 
Tripwire  to  foster  the  design  for 
the  database  on  the  Internet  to 
hold  file  fingerprints.  Customers 
could  store  file  fingerprints  and 
remotely  access  them, as  an  alter¬ 
native  to  storing  them  in-house. 

“It  could  simplify  my  life  greatly 
says  John  Freeman,  senior  pro¬ 
cess  control  systems  engineer  at 
Bayer  Pharmaceutical  in  Shaw¬ 
nee,  Kan.,  which  has  deployed 
Tripwire  for  Servers  on  several  of 
its  most  critical  Sun  and  NT 
servers.  Bayer  Pharmaceutical 
now  stores  in-house  the  signature 
hash  of  files  used  for  periodic 
data-integrity  check.  But  the  op¬ 
tion  to  use  a  trusted  party’s  In¬ 
ternet-based  service  for  this 
would  eliminate  the  need  to 
store  file-signature  data.  ■ 


Security 
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Longhorn 

continued  from  page  1 

move  the  technology  forward 
they  have  to  do  it.” 

The  Longhorn  “wave”  (as  Micro¬ 
soft  calls  the  set  of  products)  will 
include  a  dramatically  new 
client,  with  integrated  universal 
data  storage  called  WinFS.  It  also 
will  include  a  chip-based  security 
model  formerly  called  Palladium; 
a  user  interface  overhaul;  a  new 
application  model  built  around 
an  API  called  Avalon  that  super¬ 
sedes  Win32;  and  improved  com¬ 
munication  and  collaboration 
features  based  on  a  Web  services 
framework  code-named  Indigo. 

Longhorn  also  will  have  a  cor¬ 
responding  server  to  support 
WinFS  and  new  management 
capabilities,  among  other  fea¬ 


Early  efforts  with  peer  to  peer 
and  IPv6  are  being  bolted  onto 
Windows  XP  and  offer  a  glimpse 
of  the  type  of  feature  packs  and 
piecemeal  upgrades  that  Micro¬ 
soft  plans,  before  and  during  the 
Longhorn  upgrade  to  jump-start 
migration.  Microsoft  did  a  similar 
jump-start  with  Windows  Server 
2003  by  releasing  early  public-key 
infrastructure  and  Exchange  2003 
schema  changes  that  were 
needed  in  Active  Directory 

In  a  forthcoming  report,  Gartner 
says  it  expects  Microsoft  to  deliver 
at  least  three,  and  possibly  five  or 
more,  “server  feature  packs”  and 
limited-edition  offerings  between 
Windows  Server  2003  and  the 
Longhorn  server. 

Bill  Gates,  Microsoft  chairman, 
chief  software  architect  and  stew¬ 
ard  of  Longhorn,  said  recently 


The  vagueness  regarding  the 
timing  fuels  migration  questions 
for  users.  While  the  Longhorn 
client  is  expected  in  2005, Gartner 
predicts  that  the  server  will  be 
released  sometime  between  mid- 
2006  and  2007.  That  means  users 
who  upgrade  the  client  would  be 
without  features  such  as  WinFS 
that  rely  on  the  server. 

“You  don’t  get  all  the  goodness 
until  you  have  deployed  the  Long¬ 
horn  client,  server  and  Office  up¬ 
grade,”  says  John  Enck,  an  analyst 
with  Gartner.  He  says  Microsoft 
might  look  to  one  of  three  op¬ 
tions:  a  Longhorn  server  beta  that 
can  be  used  in  test  environments; 
a  limited  edition  of  the  server  that 
supports  WinFS;  or  retrofitting 
WinFS  support  into  Windows 
Server  2003.  He  says  the  final 
option  is  highly  unlikely. 


Big  bang 

Microsoft  says  it  expects  to  roil  out  its  Longhorn  products  over  a  number  of  years  as 
the  company  upgrades  its  software  to  match  its  .Net  and  Web  services  strategy. 

Strategies 

Challenges 

•  Shift  its  software  portfolio  to  a  foundation  built 
on  .Net  starting  with  a  dramatically  new  Longhorn 
client  operating  system. 

•  Dependencies  on  Longhorn  will  require  upgrades 
to  Office,  something  that  could  slow  the  adoption 
of  both  client  operating  system  and  Office  versions. 

•  Upgrade  its  server  operating  system  and  server 
applications  as  well  as  develop  a  range  of  new 
products  to  take  advantage  of  the  .Net  core. 

•Work  on  unifying  code  to  create  better  integra¬ 
tion  between  products  in  its  software  portfolio. 

V 

•The  upgrade  cycle  for  customers  could  be  long 
and  tedious. 

•  Competitors  such  as  IBM,  Sun  and  BEA  Systems 
also  are  building  unified  software  stacks. 

J 

tures.  It  will  include  an  Office 
upgrade  built  to  take  advantage 
of  the  new  API;  upgrades  to 
Microsoft’s  CRM  and  ERP  appli¬ 
cations;  new  versions  of  Visual 
Studio  .Net  development  tools, 
code-named  Orcas;  and  a  range 
of  server  software  from  collabora¬ 
tion  to  electronic  commerce, 
Microsoft  says. 

Details  about  those  products  are 
sketchy  because  Microsoft  is  still 
trying  to  define  their  feature  sets. 

However,  sources  say  Long¬ 
horn  will  include  a  full-scale, 
identity  management  infrastruc¬ 
ture,  which  Microsoft  started  to 
preview  in  July  and  is  expected 
to  expand  upon  in  October  at 
its  Professional  Developers 
Conference. 

Also  expected  is  integrated 
peer-to-peer  technology  in  the 
client  and  server  that  will  support 
patch-  and  virus-update  distribu¬ 
tion,  and  real-time  project  track¬ 
ing.  It  is  also  expected  that 
Longhorn  will  enable  collabora¬ 
tion  and  secure  document  shar¬ 
ing  outside  the  firewall.  Inte¬ 
gration  of  IPv6  to  enhance  secur¬ 
ity  also  is  planned. 


that  “Longhorn  should  drive  a 
whole  range  of  upgrades.”  And 
foreshadowing  the  technological 
shifts  brought  on  by  Longhorn,  he 
said,  “virtually  everything  at 
Microsoft  is  synchronized  to 
build  on  this  platform.” 

Sources  close  to  Microsoft 
describe  the  transition  to  Long¬ 
horn  only  by  saying  that  some¬ 
thing  major  is  going  to  happen. 
Microsoft  officials  declined  to 
comment. 

It’s  a  grandiose  scenario  Win¬ 
dows  users  know  all  too  well. 

“It’s  what  you  get  used  to,"  says 
Jeff  Allred,  manager  of  network 
services  at  Duke  University  Can¬ 
cer  Center  in  Durham,  N.C.“But  I’d 
like  for  things  to  stay  stable  for  a 
while.  1  won’t  worry  about  this 
now,  but  I’ll  be  thinking  about  it.” 

Corporate  users  won’t  see  the 
Longhorn  client  until  2005  at  the 
earliest,  when  it  is  expected  to 
ship.  A  developer  preview  is 
scheduled  to  be  available  in 
October  and  the  first  beta  late 
next  year. 

A  time  frame  has  not  been  set 
for  delivery  of  the  rest  of  the 
“wave"  of  Longhorn  products. 


“You  won’t  see  Microsoft  over¬ 
commit  on  Longhorn  server  fea¬ 
tures,”  Enck  says.“This  will  not  be 
another  huge  upgrade.They  need 
to  stay  conservative  so  they  can 
hit  the  dates.” 

Hitting  the  dates,  if  they  are 
within  Gartner’s  prediction's  the 
reason  corporate  executives 
should  be  mapping  out  future 
plans. 

Win  2000  will  hit  its  end-of-sup- 
port  life  cycle  in  2005.  Extended 
support,  which  costs  extra,  would 
stretch  support  to  March  2007.  If 
the  Longhorn  server  ships  before 
that  2007  deadline,  it  would  be  a 
natural  upgrade  path. 

Anything  later,  however,  will 
leave  Win  2000  customers  in  the 
same  boat  Windows  NT  users  are 
in  today  with  an  outdated  and 
soon-to-be  unsupported  operat¬ 
ing  system. 

“Planning  is  tough,”  Enck  says. 
“It’s  good  that  Microsoft  has  pub¬ 
lished  the  life-cycle  road  map, 
but  the  bad  thing  is  that  they 
have  had  trouble  delivering.”® 
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LAN/WAN  SWITCHES  AND  ROUTERS 
ACCESS  DEVICES  ■  SERVERS  ■  VPNS 
OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 
VOIP  ■  WIRELESS  NETWORKS 


GigE  switches  drive  more-for-less  trend 

User  demand  up  while  smaller,  more-efficient  Gigabit  components  help  bring  switch  prices  down. 


■  BY  PHIL  HOCHMUTH 

As  Gigabit  Ethernet  pricing  continues  to 
free-fall,  the  technology  is  finding  its  way 
into  corporate  networks  where  10M  bit/sec 


■  Sun  is  updating  the  processors  on 
its  Sun  Fire  V480  server.  Now  the 

company’s  rack-optimized  server  will 
be  available  with  1.05-GHz  UltraSparc 
III  processors,  an  upgrade  from  the 
900-MHz  models  that  Sun  had  been 
shipping.  This  upgrade  will  give  the 
machines  a  22%  boost  in  perfor¬ 
mance,  Sun  says.  Sun  markets  the 
V480  as  a  low-cost,  entry-level  system. 
It  is  the  last  of  the  Sun  Fire  servers  to 
be  upgraded  to  Sun’s  1 ,05GHz  chip. 
Pricing  for  the  V480  will  remain 
unchanged.  A  dual-processor  mac¬ 
hine  with  4G  bytes  of  memory  will  list 
for  about  $20,000.  A  four-way,  166- 
byte  machine  costs  $43,000. 

■  NuView  is  launching  a  version  of  its 
storage  management  software  that 
will  include  data  life-cycle  manage¬ 
ment  capability,  snapshot  backup  and 
byte-level  replication  of  data.  Sto- 
rageX  4.0  lets  administrators  man¬ 
age  and  move  data  across  heteroge¬ 
neous  devices  based  on  criteria  such 
as  age,  size  or  data  type.  It  also  gives 
users  the  capability  to  back-up  data 
via  snapshot  technology  and  replicate 
only  the  data  that  has  changed. 

Pricing  for  StorageX  starts  at  $2,000 
per  managed  device. 

■  Gateway  last  week  rolled  out  its 
first  four-way  server  in  an  attempt  to 
win  over  more  business  customers. 
The  Gateway  995  will  be  available 
with  up  to  four  Xeon  MP  processors 
from  Intel.  The  base  configuration 
costs  about  $6,000  with  a  single  2.0- 
GHz  Xeon  MP  processor,  51 2M  bytes 
of  double  data-rate  memory,  a  dual¬ 
channel  Ultra  SCSI  controller  and  a 
36G-byte  hard  disk. 


hubs  once  might  have  served  small  work¬ 
groups. 

Recent  products  from  vendors  such  as  D- 
Link  Systems,  Linksys,  Netgear  and  SMC 
Networks  continue  to  push  the  more-for- 
less  trend  in  network  switches.Two  engines 
drive  this  trend:  increasing  demand  for 
faster  LAN  links;  and  smaller,  more  efficient 
LAN  switch  components  from  network  sili¬ 
con  makers. 

Since  1999,  Gigabit  Ethernet  pricing  has 
dropped  from  the  $l,100-per-port  price 
range  to  an  industry  average  price  of  about 
$400  per  port.  This  estimate  includes  cop¬ 


per-based  fixed-configuration  Layer  2 
Gigabit  boxes  and  high-end  fiber-based 
Gigabit  ports  with  advanced  features. 

The  push  toward  Gigabit  Ethernet  to  the 
desktop  is  driven  somewhat  by  new  appli¬ 
cations,  such  as  streaming  media  and  IP 
telephony  Demand  also  comes  from  spe¬ 
cialized  or  vertical  markets  with  end  users 
who  work  with  large  files  or  use  specialized 
applications  that  utilize  lots  of  bandwidth. 

According  to  a  Network  World  survey  of 
500  IT  executives,  almost  two-thirds  of  the 
respondents  said  Gigabit  Ethernet  is 
already  in  their  networks,  while  another 


30%  said  it  will  be  in  the  next  two  years. 

Aperio,  a  San  Diego  company  that 
designs  equipment  for  digitizing  micro¬ 
scope  slides,  uses  Gigabit  desktops  to 
handle  unusual  bandwidth  requirements. 

“When  we  were  setting  up  the  network, 
we  realized  we’d  be  moving  huge  images 
around,  and  that  this  would  take  a  long 
time  with”  10/100M  bit/sec  Ethernet,  says 
Ole  Eichorn,  the  firm’s  CTO.  He  adds  that 
many  of  the  images  sent  across  the  net¬ 
work  are  so  large  that  if  they  were  printed 
in  pieces  on  a  standard  printer,  “it  would 
See  Gigabit,  page  18 


XIOtech  ups  magnitude  of  storage 


■  BY  DENI  CONNOR 

XIOtech  last  week  announced  a  new  ver¬ 
sion  of  its  Magnitude  storage  array  that  the 
company  says  lets  users  cluster  disk  drives 
and  storage  controllers  across  geographic 
distances  for  increased  availability  and 
fault-tolerance. 

Magnitude  3D  is  a  modular  storage  array 
that  can  be  broken  into  individual  com¬ 
ponents  and  clustered  —  disk  bays  and 
drives  can  be  separated  from  the  storage 
controllers  that  handle  disk  I/O. The  arrays 
can  be  placed  as  far  as  328  yards  apart 
over  Fibre  Channel  connections. 

As  drives  are  added  to  the  array,  the  data 
on  them  is  aggregated  into  a  virtual  pool  of 
data.  If  a  controller  fails, its  workload  is  redi¬ 
rected  to  the  remaining  controllers.  When 
new  drives  or  controllers  are  added  to  the 
cluster,  they  automatically  become  active 
and  their  data  is  added  to  the  pool.  Each 
cluster  of  two  controllers  can  support  as 
much  as  32  terabytes  of  data.  XIOtech  says 
next  year  the  size  of  the  cluster  will  in¬ 
crease  to  16  controller  nodes. 

Gary  Fbrter, senior  engineer  for  St.Vincent 
Hospital  and  Health  Services  in  Indian¬ 
apolis,  beta  tested  the  XIOtech  Magnitude 
3D.  “We  have  about  8  terabytes  in  the  new 
3D,"  he  says.  “The  controllers  can  be  geo¬ 
graphically  separated  for  high  availability.  If 
one  controller  goes  down,  we  don’t  have 
any  downtime, any  blips  or  packet  failures.” 

Most  storage  vendors,  such  as  competi¬ 
tors  EMC  and  Hitachi,  make  storage  arrays 
in  which  the  controllers,  drive  bays  and 
disk  drives  have  to  be  housed  in  the  same 


■  HOW  IT  WORKS 


XlOtech’s  Magnitude  3D  architecture 

By  clustering  their  storage  arrays  over  distances  of  as 
far  as  328  yards,  users  can  increase  the  availability  and 
fault-tolerance  of  their  storage  systems. 


(S  _ 

V 

Controllers 


O  In  a  Magnitude  3D  duster,  disk  bays  and  drives  are  separated  0  Geographically  separate  drives  ©  Existing  XIOtech 
from  the  controller.  Data  on  the  drives  is  virtualized  into  and  controllers  can  be  added  to  Magnitude  arrays 

a  single  pool.  If  a  controller  fails,  data  automatically  is  re-  clusters  for  availability  and  fault-  can  be  added  into 

assigned  to  another  controller  in  the  cluster.  tolerance.  any  cluster. 


chassis. 

“The  Magnitudes  controllers  can  be  in 
separate  chassis,  separate  data  centers, 
even  in  different  parts  of  the  country  Fbrter 
says.  “You  can  add  controllers  for  more 
throughput  and  horsepower.  It  allows  flexi¬ 
bility  and  scalability  no  one  else  can  do.” 

In  addition  to  the  availability  and  fault- 
tolerant  advantages  of  Magnitude  3D,  clus¬ 
tering  occurs  without  any  additional  soft¬ 


ware  on  the  server  and  with  any  Windows, 
Linux,  Unix  or  NetWare  operating  system. 
As  a  result,  acquisition  and  server  opera¬ 
tion  costs  are  reduced. 

Magnitude  3D  can  be  added  into  net 
works  with  XIOtech’s  existing  Magnituc 
storage  arrays 

A  two-terabyte  configuration  that  in 
eludes  all  software  to  enable  cluster! no 
costs  $135,000.  ■ 
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Everything  these  days  appears  to  be  a 
competition.  Not  only  in  sports  (Red 
Sox  vs.Yankeas,  Manchester  United  vs. 
Barcelona  and  so  on)  but  in  politics 
(California  Gov.  Gray  Davis  vs. 200-plus  peo¬ 
ple  who  want  to  replace  him),  and  even 
high-tech  business  (PeopleSoft’s  Craig 
Conway  vs.  Oracle’s  Larry  Ellison). We’re  so 
attuned  to  competition  that  we  see  it 
where  none  exists. 

The  other  day  I  was  speaking  with  Phaos 
Technology  CEO  Roger  Sullivan,  catching 
up  on  the  company’s  tool  kits  that  support 
the  Liberty  Alliance  identity-federation 
specification.  1  asked  him  about  Liberty’s 
spec  vs.  the  recently  introduced  WS-Feder- 


The  competitive  spirit  lives 


ation  specification  (part  of  a  series  of  Web 
Services  specifications  IBM  and  Microsoft 
are  launching  in  a  bid  to  control  the  next 
stage  of  computing).  After  first  giving  me 
the  obligatory  support  speech  (“Phaos, as  a 
technology  provider,  will  support  all  proto¬ 
cols  our  clients  want  to  support”),  Sullivan 
said  the  two  offerings  are  not  that  compet¬ 
itive  and  that  it’s  quite  possible  to  support 
one  with  the  other. 

WS-Federation,  as  befits  a  specification 
from  two  high-profile  tech  leaders,  is 
heavy  on  the  technology  of  federation  but 
completely  ignores  the  business  case.The 
Liberty  Alliance,  on  the  other  hand,  origi¬ 
nally  articulated  a  strong  business  case 
with  a  lot  of  “we’ll  fill  in  the  blanks  later” 
about  the  technology  For  example,  Liberty 
only  specifies  the  Security  Assertion 
Markup  Language  (SAML)  as  its  transport 
mechanism.  On  the  other  hand,  WS-Fed 
supports  SAML,  Kerberos,  x.509  certifi¬ 
cates  and  Extensible  Rights  Markup 


Language  —  and  it  easily  can  be  extend¬ 
ed  to  other  methods. 

But  WS-Federation  has  nothing  to  say 
about  the  agreements,  trust  and  liability 
that  federation  brings  to  the  various  parties 
in  a  transaction,  while  the  Liberty  Alliance 
(consisting  mostly  of  organizations  in  the 
business-to-consumer  and  business-to-busi- 
ness  space)  has  a  series  of  well-thought-out 
scenarios  and  recommendations  for  the 
business  agreements  that  are  a  necessary 
part  of  identity  federation. 

Sullivan  says  he  believes  that  eventually 
a  combination  of  the  two  specifications 
might  be  what  succeeds  in  the  real  world. 
There’s  certainly  nothing  in  the  Liberty 
specification  that  would  disallow  follow¬ 
ing  WS-Federation  in  terms  of  transport 
and  security  mechanisms  while  relying  on 
the  business  “best  practices”  ideas  in  the 
alliance’s  specifications. 

Competition  has  its  place  —  on  the  play¬ 
ing  field  or  in  the  boardroom  —  but  when 


it  comes  to  standards  and  specifications, 
we’d  all  do  well  to  adopt  a  more  coopera¬ 
tive  attitude. 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 


Tip  of  the  Week 


f  you  write  Java  code  and 
you  want  to  be  involved  in 


secure  identity  manage¬ 
ment,  then  you  need  to  visit 
Phaos’  Web  site  and  check 
out  its  tool  kits  for  identity 
and  security,  especially  the 
Liberty  Alliance  Toolkit  and 


Gigabit 

continued  from  page  17 

be  like  covering  a  tennis  court 
with  magazine  pages.” 

Gigabit  network  interface  cards 
and  integrated  lOOOBase-T  ports 
have  become  essential  items  for 
most  server  vendors.  And  recent¬ 
ly,  major  PC  manufacturers  —  in¬ 
cluding  Apple,  Dell,  Gateway  and 
HP  —  have  started  offering  point 
products  or  whole  lines  of  PCs 
with  integrated  Gigabit  Ethernet 
interfaces  built  into  the  mother¬ 
board. 

“It’s  amazing  how  prices  have 
dramatically  come  down,”  says 
Matt  Queen,  systems  administra¬ 
tor  with  Standridge  Color,  a  plas¬ 
tics  manufacturing  company  in 
Greensboro,  Ga. 

This  price  drop  let  Standridge 
rebuild  its  network  with  switches 
from  Dell.  All  switches  now  have 
multiple  Gigabit  uplinks  to  the 
core,  which  runs  Gigabit  over 
fiber. This  bandwidth  boost  didn’t 
break  the  company’s  bank  and  let 
it  look  at  new  applications  for  the 
network,  Queen  says. 

“The  reason  we  looked  into 
[Gigabit]  is  because  we  wanted 
to  do  [voice-over-lP]  apps,” 
Queen  says.  The  Gigabit  core 
supports  an  IP-enabled  PBX  run¬ 
ning  over  the  LAN  and  a  paging 
system  for  the  shop  floors  that 
runs  over  the  Ethernet  network. 
Bandwidth  utilization  has  yet  to 
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be  an  issue,  he  adds. 

Although  smaller  players  have 
entered  the  Gigabit  Ethernet  mar¬ 
ket  aggressively  this  segment  is 
still  very  much  a  Cisco  world. 
Cisco  owned  60%  of  the  7.4  mil¬ 
lion  Gigabit  ports  shipped  in 
2002. And  3Com  and  D-Link  came 
in  second  and  third  with  7%  and 
6%  of  the  market,  respectively 
While  3Com  has  made  a  recent 
push  to  appeal  to  Cisco’s  cus¬ 
tomer  base  of  large  corporations, 
D-Link  remains  focused  on  small¬ 
er  shops  and  the  consumer  mar¬ 
ket.  Observers  say  the  appeal  of  D- 
Link  Gigabit  products  to  the  mass¬ 
es  is  a  sign  of  commoditization  in 
the  Gigabit  LAN  switch  market. 

Part  of  this  move  to  lower-cost 
products  comes  from  more  effi¬ 
cient  design  and  component  fab¬ 
rication  techniques  from  compa¬ 
nies  that  enterprise  customers 
usually  don’t  deal  with  directly 

“A  number  of  different  things 
have  changed  and  are  still  chang¬ 
ing”  in  the  Ethernet  component 
realm  that  lead  to  lower-cost  gear, 
says  Jim  Muth,  product  line  man¬ 
ager  for  Gigabit  Ethernet  systems 
at  Broadcom.  Muth’s  firm  makes 
many  of  the  components  and  sili¬ 
con  that  go  into  switch  vendors’ 
products.  He  points  to  two  main 
factors  that  drive  down  cost  — 
size  and  heat. 

Many  key  components  in  cop¬ 
per-based  Gigabit  Ethernet 
switches  are  now  one-third  the 
size  they  were  when  the  technol¬ 
ogy  was  introduced  in  2000,  Muth 
says.This  lets  more  physical  ports 
be  packed  together  tighter,  mak¬ 
ing  the  overall  products  less 
expensive. 

“Anytime  you  can  shrink  a  com- 


How  low  can 
GigE  goP 

The  average  price 
for  a  Gigabit 
Ethernet  port 
(including  modular 
and  non-modular 
switch  prices) 
continues  to  drop. 


SOURCE:  IDC 


D-Link’s  DGS-1008D  (top)  and  SMC's 
SMC8612T  both  offer  Gigabit  Ethernet 
for  less  than  $100  per  port. 


ponent,”  he  says,  “that  will  help 
you  out  on  your  cost." 

He  adds  that  copper-based 
Gigabit  switches  also  run  much 
cooler  now,  which  helps  keeps 
pricing  down  for  two  reasons. 
Going  from  5  watts  of  power 
down  to  750  milliwatts  —  com¬ 
mon  for  today’s  components  — 
means  less-expensive  power  sup¬ 
plies  are  necessary.  Plus,  with  less 
heat,  fans  can  be  shrunken  or  re¬ 
moved  —  another  factor  leading 
to  a  smaller  price  tag,  Muth  says.B 


IBM,  SuSE  secure  Linux 
with  Fed  certification 

■  BY  JENNIFER  MEARS 

Linux  took  another  step  in  its  evolution  last  week  when  IBM  and 
SuSE  Linux  announced  that  the  open  source  operating  system  had 
achieved  an  international  security  certification  used  by  the  federal 
government. 

At  LinuxWorld  in  San  Francisco,  the  companies  announced  that  SuSE 
Linux  Enterprise  Server  8  running  on  Intel-based  IBM  servers  had 
achieved  a  Common  Criteria  security  certification. Common  Criteria  is 
an  internationally  recognized  standards  organization  created  to  devel¬ 
op  criteria  for  IT  security  To  earn  Common  Criteria  certification,  prod¬ 
ucts  must  meet  strict  standards  in  areas  such  as  development  environ¬ 
ments,  security  functionality  how  security  vulnerabilities  are  handled, 
security-related  documentation  and  product  testing.  IBM  has  been 
shepherding  SuSE  through  the  Common  Criteria  process. 

A  year  ago,  the  National  Security  Agency  mandated  that  all  national 
security  systems  use  Common  Criteria-evaluated  products,  but  has 
since  relaxed  that  directive  because  of  the  dearth  of  accredited  prod¬ 
ucts.  Instead,  vendors  whose  products  are  used  for  national  security  sys¬ 
tems  must  commit  to  getting  their  products  through  Common  Criteria 
testing  (see  related  story  at  www.nwfusion.com,  DocFinder  7132). 

With  the  certification,  Linux  joins  a  handful  of  products  that  Common 
Criteria  has  approved  .The  certification  “will  be  a  critical  factor  as  Linux 
is  applied  to  mission-critical  environments,”  says  Fritz  Schulz,  a  com¬ 
puter  scientist  at  the  Defense  Information  Systems  Agency 

IBM  and  SuSE  are  not  the  only  vendors  working  on  Evaluation 
Assurance  Level  (EAL)  certification.  In  February,  Red  Hat  and  Oracle 
announced  plans  to  certify  Red  Hat  Advanced  Server, a  project  that  is 
expected  to  be  completed  in  December. 

Linux  vendors  previously  had  avoided  EAL  certification  because 
the  cost  is  prohibitively  expensive,  running  somewhere  between 
$500,000  and  $2  million,  says  Michael  Rasmussen,  an  analyst  at  For¬ 
rester  Research.  But,  he  says,  new  U.S.  government  regulations  are 
making  Common  Criteria  certification  an  increasingly  important 
requirement  for  government  contracts.“All  of  the  federal  government, 
including  civilian  agencies  will  have  to  buy  Common  Criteria  prod¬ 
ucts  within  the  next  24  months,”  Rasmussen  says. 

SuSE  Linux  Enterprise  Server  8  on  IBM  eServer  xSeries  earned  an 
EAL  2+  certification, and  IBM  and  SuSE  say  they  have  filed  for  a  higher 
level  of  security  certification  and  expect  to  achieve  that  later  this  year. 

The  IDG  News  Service  contributed  to  this  report. 


An  increasingly  mobile  workforce 
opens  your  network  up  to  o  host  of  threats, 
both  accidental  and  intentional. 


The  only  place  to  securely  meet  the  challenges  that  a  mobile 
workforce  brings  to  a  network  is  at  the  point  where  people  connect. 
The  HP  ProCurve  Adaptive  EDGE  Architecture  affordably  puts 
intelligence  and  control  at  the  edge  of  the  network,  giving  you  the 
power  to  easily  adapt  to  future  needs  as  new  wired  and  wireless 
mobility  solutions  are  implemented. 

With  industry-standard  switches  like  the  HP  ProCurve  5300x1  series, 
you  can  cost-effectively  deploy  user  and  security  applications  at  the 
point  of  connection.  It  immediately  recognizes  the  user  and  the  types 
of  services  and  access  they  are  permitted  to  have,  preventing 
unauthorized  traffic  and  potential  threats. 

Free  Network  Design  To  schedule  a  free  network  design  and  to 
learn  how  HP  ProCurve's  affordable  solutions  can  help  you  meet 
current  and  future  needs  for  mobility,  security  and  convergence, 
call  1-800-975-7683  or  visit  hp.com/qo/procurve. 


hp  procurve 
5372x1 


©  2003  Hewlett-Packard  Development  Company,  L.P.  All  rights  reserved 


Tech  Friendly  because... 


Desktop  Color  & 
B&W  Printers 


•Common  User  Interface 


•Universal  Print  Driver 


•Integrated  Wireless  Solutions 


W  orkgroup  Printers 


•Cartridge-Free  Drum  Design 


trtmerihit  Printing 


•Very  Low  Cost  of  Ownership 


Technology  so  advanced, 
it’ll  make  you  smile. 

Tech  people  face  a  world  of  many 
demands  and  little  time.  Our  all-digital 
line  of  printers,  copiers  and  MFPls  are 
highly  reliable  and  ready  for  network 
use,  either  wired  or  through  our 
embedded  wireless  technology. 

Kyocera  Mita  uses  advanced  technology 
to  make  life  simple  and  productive. 

Everything  we  do  is  aimed  at  making 
things  less  complex.  Examples?  A  single 
driver  operates  all  our  devices.  NetViewer™ 
software  administers  our  systems  across 
your  network  in  real  time.  The  list  is 
long.  And  it’s  how  we’ve  made  so  many 
friends  in  the  MIS/IT  department. 

Tech  friends  meet  at: 
www.kyoceramita.com/us 
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Research  exec  helps 


Since  the  inception  of  its  first  lab  in  1945,  IBM  Research 
has  grown  to  fill  eight  worldwide  labs,  employ  about 
3,500  researchers  —  including  five  Nobel  prize  winners 
—  and  help  Big  Blue  become  an  IT  innovator  and  mar¬ 
ket  power  across  several  technology  disciplines.  IBM's 
research  executives  credit  the  company's  vast  user  com¬ 
munity  with  helping  the  computer  heavyweight  deter¬ 
mine  product  road  maps.  This  week  IBM  will  discuss  its 
global  technology  outlook  at  SHARE'S  semi-annual  IBM 
users  conference  in  Washington,  D.C.,  which  is  expected  to  draw  about 
2,000  participants  for  more  than  700  hours  of  technical  education  ses¬ 
sions  covering  a  range  of  IBM  technologies.  Network  World  Senior  Writer 
Denise  Dubie  sat  down  with  Robert  Morris,  director  and  vice  president  of 
IBM  Research,  to  discuss  how  his  team  determines  where  to  find  tomor¬ 
row  's  technologies. 


IBM  bring  projects  to  reality 


Tell  me  a  bit  about  what  key  technologies  you're  working  on  at  IBM  Research. 

I  run  the  Almaden  [Calif.]  research  center.  We  work  on  nanotechnology  such  as 
the  very  basics  of  our  capabilities  in  physics  and  chemistry  that  allow  us  to  be 
leaders  in  the  microelectronics  business.  And  we  put  those  technologies  together 
to  form  components.  We  also  do  research  on  how  the  components  are  assembled 
into  systems. 

In  terms  of  systems,  one  of  our  major  focus  areas  here  now  is  on  storage  systems. 
We  are  building  self-managing  storage,  which  will  continue  to  lower  the  cost  of 
storage.Then  on  the  next  level  up,  we  work  on  data  management  technologies, 
which  of  course  includes  databases,  but  it  also  means  data  mining  and  exploiting 
the  Web.  Above  that  we  have  a  lot  of  work  going  on  for  Web  technologies.  Also  we 
do  work  on  the  user  experience,  making  sure  that  our  systems  interact  well  with 
people.  Finally  we  perform  research  on  how  people  interact  .To  really  serve  the 
services  part  of  IBM’s  business,  we  have  basic  research  going  on  regarding  how 
people  interact,  how  they  communicate,  how  they  collaborate  and  how  we  can 
improve  the  interactions  between  people  as  they  solve  IT  problems.  We  like  to  say 
it's  from  atoms  through  to  society 

See  Morris,  page  22 


■  When  Microsoft  releases 
Office  2003  it  will  give  certain 
Office  Standard  Edition  users  the 
right  to  order  Office  Professional 
Edition  applications  at  no  extra  cost 
and  offer  a  Step-up  License  to 
upgrade  to  the  full  Office  Pro¬ 
fessional  suite.  Both  offers  apply 
only  to  volume  license  buyers  who 
bought  a  right  to  upgrade  to  Office 
2003  Standard  Edition  from  earlier 
editions,  either  through  Software 
Assurance  or  its  predecessor, 
Upgrade  Advantage,  Microsoft 
says.  Microsoft  hopes  the  offers 
will  entice  customers  to  switch  to 
the  more  expensive  Office  Pro¬ 
fessional  Edition,  but  also  aims  to 
satisfy  customers  who  might  have 
been  unpleasantly  surprised  by  the 
vendor's  move  announced  earlier 
this  year.  The  Step-up  License  will 
be  sold  from  Sept.  1,  2003,  until 
Sept.  1,  2004.  Microsoft  did  not  offer 
such  a  license  upgrade  option  in 
the  past,  forcing  customers  who 
wanted  to  upgrade  to  buy  a  com¬ 
pletely  new  license. 


Start-up  aims  to  safeguard  Web  servers 


■  BY  ELLEN  MESSMER 

Start-up  MagniFire  WebSystems  this 
week  plans  to  announce  TrafficShield  2.0, 
an  updated  version  of  its  application  fire¬ 
wall  that  the  company  says  will  help  cus¬ 
tomers  prevent  break-ins  into  Web  servers. 

TrafficShield  2.0  will  add  a  number  of 
new  defenses,  including  the  ability  to 
block  hackers  attempts  to  change  their  ID 
and  privileges  after  authentication  — 
known  as  dynamic-parameter  tampering. 
The  package  also  can  prevent  database 
harvesting,  an  attack  using  automated 
scripts  to  slowly  extract  information  or 
cause  a  denial-of-service  attack. 

TrafficShield  2.0,  which  supports  100M 
bit/sec  or  Gigabit  Ethernet  connections,  is 
typically  installed  as  a  reverse  proxy  in 
front  of  the  HTTP-based  Web  servers  to  be 
protected,  either  in  a  data  center  or 
behind  the  firewall.TrafficShield  can  block 
known  Web  worms  and  unidentified 
worms  based  on  suspicious  activity. 

It  can  block  an  attack  known  as  “forceful 
browsing” in  which  a  hacker  turns  to  input- 
related  tricks  from  a  browser  to  gain  illegal 
access  to  Web  content  through  invalid 
input.TrafficShield  also  detects  other  trick¬ 
ery  such  as  cookie  poisoning,  hidden-field 
manipulation  and  stealth  commanding, 
such  as  SQL  injection. 
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PROFILE: 


MAGNIFIRE 

WEBSYSTEMS 

Started: 

2000  by  Mark  Sahaf  and 
Michael  Shafir. 

Located: 

Tel  Aviv,  Israel,  with 

U.S.  offices  in  New 

York  City. 

Funding: 

$9.1  million  from 
Jerusalem  Venture 
Partners  and  Lucent 
Venture  Partners. 

Number  of 
employees: 

30 

Product: 

MagniFireTrafficShield 

application  firewall. 


The  appliance  monitors  the  Web  site  to 
detect  changes  and  analyzes  the  changes 
to  suggest  policy-update  recommenda¬ 
tions,  which  can  either  be  applied  auto¬ 
matically  or  with  administrative  approval. 

“We  have  an  automatic  process  that’s  like 
a  crawler  that  goes  over  the  application  to 
understand  the  JavaScripts  and  applets, 
looking  at  flow  parameters,” says  MagniFire 
CEO  Eitan  Bauch.  “Every  day  you  add  a 
line  of  code  you  open  yourself  up  to  new 


vulnerabilities."  However,  TrafficShield 
can’t  monitor  traffic  when  VPNs  are  used 
to  access  the  internal  network  and  appli¬ 
cations  directly 

At  least  one  user  was  impressed  with 
TrafficShield’s  ease  of  use. 

“The  first  day  we  installed  the  product, 
we  were  able  to  see  a  graphic  display  of 
our  entire  Web  application.  It  was  amaz¬ 
ing.  We  could  see  every  entry  point,  every 
legal  user  interaction  for  the  first  time.Our 
developers  were  very  impressed  by  that,” 
says  Elbling  Zvi,  infrastructure  and  tech¬ 
nology  manager  at  Bank  of  Jerusalem, 
which  has  used  TrafficShield  since  Jan¬ 
uary  to  protect  an  online  banking  appli¬ 
cation. 

With  its  research  and  development  roots 
in  Israel,  MagniFire  sold  the  first  version  of 
TrafficShield  mainly  to  Israeli  and  Euro¬ 
pean  corporations,  but  with  an  office  now 
in  New  York,  the  start-up  is  prepared  to 
market  the  $25,000  TrafficShield  2.0  to  U.S. 
customers  as  well,  Bauch  says. 

MagniFire  competes  against  Kavado, 
NetContinuum,  Sanctum  and  Teros  in  the 
application  firewall  arena.  Some  cus¬ 
tomers  using  the  MagniFire  appliance  say 
it  can  be  somewhat  easier  to  configure  a 
security  policy  because  it  has  a  spidering 
mechanism  to  “map"  the  application  it  is 
intended  to  protect.  ■ 
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Some  people  think  the  Internet  could 
be  a  wiretap-free  zone.  While  that 
might  be  nice, don’t  hold  your  breath. 
“Legal  intercept,”  the  more  accurate  but 
more  complex  term  for  wiretapping  by  law 
enforcement  organizations,  has  been 
around  in  the  telephone  business  since 
day  zero.  But  currently  the  legal  picture  of 
wiretapping  Internet  communications  is 
quite  muddy. 

It  is  arguably  the  case  that  the  major  U.S. 
law  dealing  with  legal  intercept,  the  1994 
Communications  Assistance  for  Law  En¬ 
forcement  Act  (CALEA).does  not  actually 
provide  a  clear  legal  foundation  for  wire¬ 
tapping  some  types  of  Internet  communi¬ 


More  of  life  under  observation 


cations.  For  example,  people  who  should 
know  what  they  are  talking  about  have 
predicted  that  the  U.S.  government  would 
lose  a  test  case  trying  to  apply  CALEA  to 
voice  over  IP  (VoIP).  But  that  does  not 
mean  the  FBI  agrees  with  that  analysis  or 
will  avoid  asking  for  VoIP  intercepts. 

In  March,  the  FBI  and  the  U.S.  De¬ 
partment  of  Justice  expressed  their  views 
in  response  to  an  FCC  request  for  com¬ 
ment  about  regulating  VoIP  But,  even  if 
the  courts  were  to  rule  that  CALEA  does 
not  cover  VoIP  and  other  Internet  appli¬ 
cations,  I  cannot  imagine  Congress  not 
passing  a  new  law  in  very  short  order  in 
these  days  of  anti-terror  fervor  that  would 
make  the  authority  to  wiretap  unambigu¬ 
ous  and,  probably,  far  too  easy  to  invoke. 
So  I  expect  that  any  freedom  from  moni¬ 
toring  we  might  think  we  have  will  be 
fleeting,  if  ISPs  have  not  been  cooperat¬ 
ing  fully  with  surveillance  requests  for 
quite  a  while  now. 


But  a  number  of  recent  news  reports 
have  me  quite  puzzled.lt  looks  like  the  FBI 
wants  to  go  about  the  business  of  being  Big 
Brother  in  the  most  illogical  way  The 
reports  are  that  the  FBI  wants  VoIP  service 
providers  to  execute  the  surveillance.  This 
makes  very  little  sense.  VoIP  runs  as  just 
another  application  over  the  Internet  —  it’s 
just  bits  —  thus,  anyone,  even  the  bad  guys, 
can  be  a  VoIP  provider.  Does  the  FBI  want 
to  have  to  go  to,  and  trust,  thousands  of 
individual  VoIP  service  providers  to  get  the 
tapping  done? 

Additionally,  the  basic  architecture  of 
VoIP  is  such  that  the  packets  carrying  the 
voice  do  not  pass  through  any  central 
server,  so  there  is  no  central  place  to  mon¬ 
itor  them.  All  other  Internet-based  appli¬ 
cations  also  are  just  bits  over  the  ’Net  and 
anyone  can  set  up  a  server.lt  is  illogical  to 
approach  monitoring  from  the  server  side. 

The  only  logical  approach  is  to  do  the 
monitoring  in  the  Internet  access  network 
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(see  www.nwfusion.com,  DocFinder:  7225) 
for  an  example  of  how  this  can  be  done). 
This  is  not  to  say  that  I’m  fond  of  the  idea, 
nor  is  this  meant  to  say  that  history  has 
shown  that  all  government  authorities  are 
always  trustable.  But  it  is  the  only  logical 
way  to  do  what,  the  laws  will  say,  must 
be  done. 

Still,  I  fear  the  alternative  is  laws  that  tell 
ISPs  to  restrict  who  can  run  servers  and  to 
put  restrictions  on  the  permitted  service 
architectures  —  that  would  destroy  the 
Internet  and  hand  it  over  to  the  phone 
companies,  the  folks  who  know  how  to 
work  in  that  kind  of  environment. 

Disclaimer:  Harvard  predates,  and  I 
fully  expect  will  outlast,  the  phone  com¬ 
panies.  It  has  not  expressed  an  opinion 
on  this  topic. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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How  does  IBM  decide  what  to  research,  what 
becomes  a  product  and  what  doesn't? 

We  are  very  careful  to  maintain  a  bal¬ 
ance  between  free-ranging  basic  ex¬ 
ploratory  research  and  undirected 
research  on  the  one  hand,  and  on  the 
other  hand,  research  that  is  very  inti¬ 
mately  tied  to  customer  and  product 
requirements.  We  spend  a  lot  of  time 
making  sure  that  we  balance  these.  If 
you  do  just  one  or  the  other, you  will  fail. 

If  you  only  respond  to  customer 
needs,  you  will  become  an  advanced 
technology  shop, you  will  join  up  the 
dots  and  you  will  be  ultimately  unable 
to  invent  a  disruptive  technology  And  if 
you  only  do  basic  undirected  research, 
you  will  miss,  because  no  research  insti¬ 
tution,  no  matter  how  good,  will  catch 
every  trend.  And  even  if  you  have  those 
two, you’re  not  guaranteed  success.You 
have  to  fill  in  the  in-between. There’s  a 
kind  of  a  middle  third,  a  middle  area  of 
pre-product. That’s  developing  things 
that  after  a  bit  of  research  you  realize 
J  and  hope  one  day  could  become  a  use- 
1  ful  technology  or  product. 

What  has  IBM  recently  passed  down  to 
the  research  group  in  terms  of  product 

direction? 

The  biggest  activity  is  a  really  new  mis- 

Ision  within  IBM  of  transforming  infor¬ 
mation  technology  into  an  on-demand 
capability,  which  of  course  has  a  variety 
of  aspects.  Some  people  think  of  that  as 
the  maxing  of  IT  available  as  a  utility, 
and  it  certainly  includes  that,  but  it’s 


much  more  than  that.  It’s  about  trans¬ 
forming  the  whole  IT  operating  environ¬ 
ment.  And  over  and  above  that,  it’s  about 
transforming  business. 

Where  did  the  on-demand  vision  originate? 

This  is  not  something  that  is  kind  of  a 
big  bang. We’re  not  going  to  say’This  is 
when  we’ll  launch  our  first  and  our  last 
on-demand  product.’  If  you  go  back  a 
year  and  a  half,  one  of  the  things  we 
were  talking  a  lot  about  was  autonomic 
computing,  and  we’re  still  working  really 
hard  on  that.  It  is  one  of  the  first  ways 
we  began  to  discover  this  on-demand 
movement.  CIOs,  through  hearing  and 
learning  about  the  technological  re¬ 
quirements  of  autonomic  computing, 
told  us  that  that  computing  environ¬ 
ment,  the  on-demand  enterprisers 
something  they’d  like  to  see. 

It  turns  out  that  autonomic  computing 
is  the  technology  heart  and  soul  of  on- 
demand.  It  is  the  technology  skeleton 
on  which  on-demand  is  built. 

Autonomic  has  actually  been  going 
on  for  several  years,  and  we  didn’t  start 
on-demand  several  years  ago.  Our  prod¬ 
ucts  had  been  component-autonomic 
even  prior  to  that.  We  are  now  working 
toward  being,  to  make  up  a  definition, 
systems-autonomic  or  holistically  auto¬ 
nomic  now. 

Could  you  elaborate  on  how  autonomic  or 
on-demand  research  has  found  its  way  into 
IBM  products? 

To  start  w-here  the  human  touches  the 
technology,  one  of  the  most  noticeable 
parts  of  that  is  using  the  client.  In  the  PC 
arena,  our  ThinkPads  and  ThinkCenter 
desktops  are  well  known,  and  within 
those  we  have  created  the  autonomic 
client. 


An  example  of  autonomic  is  the  way 
our  systems  are  self-managing  as  they 
connect  into  the  network.  Our  Think¬ 
Pads  now  ship  with  a  technology  called 
Access  Connections,  which  automati¬ 
cally  connects  the  client  into  the  net¬ 
work  that  is  there. You  don’t  really  have 
to  reconfigure  at  any  time.  And  new 
technology  we’re  working  on,  which 
will  come  out  fairly  soon,  will  also  auto¬ 
matically  optimize  your  connection. 

What  about  security? 

Naturally,  that  has  to  go  hand-in-hand 
with  security  technology. We’re  working 
on  a  wide  range  of  security  technolo¬ 
gies,  including  an  embedded  chip  with¬ 
in  our  ThinkPad. That  allows  clients  to 
store  keys  and  do  an  embedded  securi¬ 
ty-system  capability  so  that  all  of  the 
files  can  be  automatically,  on-the-fly 
encrypted  when  they  are  stored.  So  if 
you  should  lose  your  machine,  the  files 
are  quite  safe. 

We  can  do  a  biometric  authentication 
to  ourThinkPhds  as  well. And  we  make 
that  available  because  we  recognize 
that  the  way  people  connect  with  these 
very  complex  back-end  IT  systems  is 
mostly  through  a  client  like  a  ThinkPad. 

How  does  IBM  translate  this  type  of  secu¬ 
rity  into  wireless  environments? 

We  are  extending  that  technology 
now.  Basically  the  way  you  used  to 
locate  rogue  access  points  was  with  a 
handheld  sniffer,  which  you  had  to  walk 
around  the  building  with  to  find  rogue 
access  points.  But  now  we’ve  extended 
that  technology  to  the  point  where 
every  client,  every  machine,  whether  it 
be  a  desktop  or  a  mobile,  that  is  in  the 
enterprise  or  on  the  campus,  can  partic¬ 
ipate  in  that.You  don’t  have  to  have  that 


sniffer  anymore. 

This  is  called  Distributed  Wireless 
Security  Auditor.  From  any  machine 
that’s  on  our  network  it  can  triangulate, 
find  rogue  access  points  and  then  auto¬ 
matically  go  in  and  shut  them  down. 

How  do  user  groups  such  as  SHARE  affect 
what  IBM  research  develops? 

It  affects  us  in  a  couple  of  ways.  Pri¬ 
marily  it  allows  us  to  listen.Twenty  years 
ago  in  IT  you  told  people, ‘Look  at  our 
new  technology  and  then  got  their  reac¬ 
tion  to  it.Today  it’s  been  reversed. Today 
you  listen. 

People  in  our  company  from  the  CEO 
down  to  researchers  are  out  talking  to 
customers  from  their  CEOs  to  their  net¬ 
work,  database  or  storage  administra¬ 
tors.  It’s  what  led  to  this  on-demand 
movement.  We  just  kept  hearing  from 
our  customers  that  they  needed  to  be 
able  to  work  with  a  variable  base  ins¬ 
tead  of  a  fixed  base  because  of  the 
change  in  their  industry  We  heard  that 
they  had  to  be  much  more  resilient 
toward  disaster.  Whether  it  was  a  market 
change  or  a  disaster,  we  heard  them  say 
they  needed  to  be  more  flexible.  ■ 


More  online! 

Read  the  unabridged  version  of  the  interview  with 
Robert  Moms  where  he  talks  about  how  IBM 
targets  research  at  vertical  markets. 
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Superior  power  and  reliability. 


Thirty  years  ago  Ethernet  was  just  an  idea.  Today 
it's  the  technology  that  drives  your  business. 

For  nearly  three  decades,  3Com®  has  delivered  the 
high-performance  Ethernet  switching  that  keeps 
networks  running  reliably,  and  provides  the  tools  for 
people  to  work  productively  and  businesses  to  compete 
successfully.  For  proven  performance  and  value,  choose 
3Com  10/100  switches. 

Enterprise-class  features  and  flexibility 

Feature-rich  3Com  SuperStack®  3  Switch  4400  family 
switches  are  ideal  for  high-performance  environments 
running  IP  telephony,  Power  over  Ethernet,  security,  or 
where  a  highly  optimized,  resilient  network  is  needed. 


SuperStack  3®  Switch  4400  Family 


Small  office  affordability  and  convenience 

Economical  3Com  SuperStack  3  Switch  4200  family 
switches  offer  Layer  2  switching  that's  easy  to  install, 
operate  and  afford.  Built-in  stacking,  wirespeed 
performance,  ease-of-use  features  and  standards- 
based  operations  help  ensure  that  you'll  be  up  and 
running  in  no  time. 

Get  CASH  BACK  on  every  3Com  SuperStack  3 
Switch  4400  and  Switch  4200  you  buy...  plus  the 
chance  to  win  a  classic  1973  Chevrolet  Corvette!* 


SuperStack  3  Switch  4200  Family 
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Possible  made  practical' 


Go  to  www.3com.com/73corvette/promo19  for  your  chance  to  win! 


1973, 


30  YEARS 

of  Ethernet 

\ 


2003 


Plus,  get  $60  CASH  BACK  for  every  Switch  4400  you  buy 
- —  -  $50  CASH  BACK  for  every  Switch  4200  you  buy 

$150  CASH  BACK  BONUS  when  you  buy  any  3 

*  Restrictions:  Rebate  program  is  open  to  end  user  companies  in  the  United  States  (excluding  Puerto  Rico)  and  Canada.  It  cannot  be  combined  with  any  other  3Com  discount  program  or  promotion  K 
complete  rules  visit  www.3com.com/73corvette/promo19.  Ends  8/31/03.  Sweepstakes  is  open  to  employees  of  end  user  companies  in  the  United  States  (excluding  Puerto  Rico)  and  Canada  (excluding  Quebe; 
No  Purchase  Necessary.  Purchase  Will  Not  Increase  Chances  Of  Winning.  Prize  valued  at  $20,000  (USD).  Odds  of  winning  depend  on  number  of  entries.  Subject  to  Official  Rules.  For  rules  and  entry  details  vis- 
www.3com.com/73corvette/promo19.  Ends  11/30/03.  Void  where  prohibited.  This  promotion  may  be  altered  or  canceleaat  any  time. 

Chevrolet  and  Corvette  are  trademarks  of  GM  Corp.  Chevrolet  is  not  a  sponsor  and  does  not  endorse  3Com  products.  Corvette  model  depicted  may  not  completely  or  accurately  represent  the  sweepstakes  priz; 

Copyright  ©  2003  3Com  Corporation.  All  rights  reserved.  3Com,  the  3Com  logo,  and  SuperStack  are  registered  trademarks  and  Possible  made  practical  is  a  trademark  of  3Com  Corporation  All  other  comp;, 
and  product  names  may  be  trademarks  of  their  respective  companies. 
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YOU  NEED  MORE  THAN  OUT-OF-THE-BOX  THINKING. 

YOU  NEED  TO  GET  MORE  OUT  OF  THE  BOX 

YOU’VE  ALREADY  GOT. 
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You’ve  got  to  increase  capacity.  Boost  revenue.  Migrate  to  IP. 

And  do  it  all  over  your  existing  network.  At  lower  cost. 

No  one  leverages  your  network  investment  like  Lucent.  We  can  help  you: 

✓  Transform  your  circuit-switched  network  to  enable  new  services  such  as  IP  Centrex 
and  hosted  call  centers,  with  our  new  5E-XC'“  software. 

✓  Bring  Ethernet,  wavelength  and  storage  services  to  your  existing  SONET/SDH  network. 

✓  Leverage  your  current  Frame  Relay  and  ATM  networks  to  deliver  IP  Services 
such  as  VPN  and  managed  bandwidth. 

With  Lucent’s  Navis *  iOperations  software,  you  can  generate  revenue  from  new  services  without 
additional  OS  investment.  And  the  networking  experts  of  Lucent  Worldwide  Services  can  get  it 
all  working  for  you  fast.  Learn  how  at  www.lucent.com. 

Networks  that  work  smarter.  Networks  that  work  harder.™ 
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■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


Visual  CEO  looks 
to  brighter  future 


Visual  Networks,  maker  of  packet-network  per¬ 
formance-monitoring  hardware  and  software,  is 
slogging  through  tough  times.  The  company  sold 
only  $9. 7  million  worth  of  equipment  in  the  sec¬ 
ond  quarter,  down  from  $15.2  million  in  the 
same  quarter  last  year.  The  company  needs  quar¬ 
terly  revenues  of  $1 1  million  to  become  prof¬ 
itable,  it  said  in  a  recent  financial-disclosure 
statement  to  the  Securities  and  Exchange  Commission.  If  the  com¬ 
pany  doesn 't  take  in  that  much,  it  might  be  forced  to  cut  expenses 
even  more  than  it  already  has. 

CEO  Larry  Barker  says  the  solution  is  simple:  Sell  more  Visual 
Uptime,  the  company’s  flagship  gear  that  gathers  frame  relay,  ATM 
and  IP  network  performance  data  and  interprets  it  so  service 
providers  and  their  customers  can  assure  the  services  contracted 
for  are  being  delivered.  If  he  is  successful,  businesses  can  expect 
to  see  more  service  providers  offering  access  to  Visual  Uptime 
data  as  a  way  to  prove  SLAs  are  being  met.  Recently,  Barker  spoke 
with  Network  World  Senior  Editor  Tim  Greene. 


Who  uses  Visual  gear? 

The  telecommunications  marketplace  segments  out  into  three  major 
categories  by  size:  Companies  that  acquire  [up]  to  40  circuits;  then  a 
bunch  of  companies  that  fall  into  the  40-to-l  75-circuit  delineation;  and 
then  175  and  above.  Maybe  5%  of  the  world’s  companies  fall  within  that 
175-and-above  category.  In  the  middle  category,  they  may  be  25%  of  the 
companies  controlling  20%  or  25%  of  the  circuits.  And  in  the  lower  cate¬ 
gory  you  have  upwards  of  70%  of  the  world’s  companies,  but  they  control 
maybe  5%  to  10%  of  the  total  ports.  [Up]  to  40  probably  doesn’t  have 
much  staff  to  deal  with  management  information  even  if  they  could  get 
it. This  may  not  be  a  No.l  priority  for  [Visual]. 

Where  Visual  plays  is  sort  of  between  the  two  upper  ones,  that  segment 
of  the  market  that  is  sophisticated  enough,  has  critical  data,  has  some  staff, 
but  is  looking  to  receive  its  performance-management  information  on  cir- 
cuits.They’re  going  to  get  that  from  a  service  provider  for  the  most  part. 

What  can  you  do  to  attract  more  of  these  customers? 

We’re  serving  one  market  today  via  service  providers.Then  there’s  a  set  of 
customers  that  is  a  little  smaller  and  a  set  of  customers  that  is  a  lot  larger 
that  we  want  to  serve. 

[The  smaller  customers]  would  love  to  have  Visual  capability  and  the 
quality  of  our  solutions  extended  out  into  more  of  the  market,  but  the 
value  against  the  cost  model  begins  to  get  dissipated  as  you  move  into 
some  of  the  less  complex  networks. 

Because  we  tend  to  deliver  via  service,  we’re  not  as  attractive  to  the 
more  complex  guys  who  have  a  lot  of  money  and  a  lot  of  requirements. 

If  we  can  think  about  ways  to  extend  into  those  two  market  segments,  all 
of  a  sudden  we  are  serving  a  much  larger  portion  of  the  market.  [They] 
want  our  capabilities,  but  just  may  want  to  acquire  it  a  little  differently 
than  how  we’re  going  to  market  today. 

See  Visual,  page  27 


Qwest  and  Sprint  PCS 
strike  wireless  deal 


■  BY  DENISE  PAPPALARDO 

Qwest’s  wireless  customers  can  look  for¬ 
ward  to  national  service  plans  that  elimi¬ 
nate  roaming  fees  and  include  new  data 
services  now  that  the  carrier  is  teaming 
with  Sprint  PCS. 

The  companies  announced  a  five-year 
agreement  last  week  in  which  Qwest  will 
transfer  1  million  wireless  customers  to 
Sprint  PCS’  national  network.  The  carriers 
did  not  discuss  financial  details. 

Qwest  is  operating  a  regional  wireless 
Code  Division  Multiple  Access  network  in 
its  14-state  region.  But  that  network  has 
been  on  the  chopping  block  for  more 
than  a  year,  says  Roger  Entner,  an  analyst 
at  The  Yankee  Group. 

“They  had  one  offer  [before  the  deal 
with  Sprint  PCS] ,  but  it  was  less  than  stel¬ 
lar,”  Entner  says.  Now  Qwest  is  looking  to 
offload  its  network  and  wireless  spectrum 
while  holding  onto  its  customers. 

Qwest  is  working  closely  with  Sprint  PCS 
to  develop  a  plan  to  migrate  users  to 
Sprint  PCS’  network,  says  Annette  Jacobs, 
executive  vice  president  of  consumer 
markets  at  Qwest.  Users  will  be  offered 
Qwest-branded  national  calling  plans  that 
also  will  include  Sprint  PCS  Vision  wire¬ 
less  data  options. 

Qwest  customers  could  buy  these  ser¬ 
vices  directly  from  Sprint  PCS,  but  the  car¬ 
rier  plans  to  offer  service  bundles  that 
will  let  users  receive  one  bill  for  local 
land-line  voice  and  wireless  services, 
Jacobs  says. 

The  carrier  has  not  offered  specific  call¬ 
ing-plan  details,  but  business  users  should 
expect  plans  that  offer  volume  discounts 
for  all  Qwest  services.  Entner  also  says 
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some  users  might  prefer  to  deal  with 
Qwest  customer  service.  Typically,  Sprint 
PCS  is  not  ranked  as  one  of  the  top  wire¬ 
less  providers  when  it  comes  to  customer 
service,  he  says. 

And  while  Qwest  hasn’t  offered  pricing 
details,  Entner  also  says  Qwest’s  wireless 
service  rates  might  be  more  economical 
for  some  customers.  ■ 


■  Verizon  Wireless  last  week 
launched  its  first  wireless  LAN  ser¬ 
vice,  which  lets  customers  connect 
to  the  Internet  at  up  to  1.5M  bit/sec. 
The  service  provider  announced  its 
plans  to  introduce  a  Wi-Fi  service  ear¬ 
lier  this  year.  Verizon  Wireless  is  team¬ 
ing  with  Wayport  to  offer  customers 
up  to  650  Wi-Fi  access  points  at 
hotels,  convention  centers  and  air¬ 
ports  across  the  U.S.  Customers  can 
sign  up  for  the  carrier's  Daily  Un¬ 
limited  Access  Plan  for  $7  for  each 
day  of  use.  This  lets  them  access  any 
number  of  hot  spots  within  a  24-hour 
period.  The  plan  is  designed  for  travel¬ 
ing  customers  who  might  only  use  the 
service  while  at  an  airport  or  hotel. 
Verizon  Wireless  users  who  are  on  the 
road  often  might  prefer  the  Monthly 
Unlimited  Access  Plan  for  $35  per 
month. 

■  Bell  Canada  ts  offering  a  man¬ 
aged  Internet  remote-access 
service  based  on  Aventail’s  Se¬ 
cure  Sockets  Layer  remote-access 
gear.  Called  Managed  Remote 
Access  SSL  VPN,  the  service  en 
ables  companies  to  grant  employees 
and  business  partners  access  to 
their  corporate  networks  via  Internet 
connected  PCs  and  requires  no  spr 
cial  software  on  the  remote  ma¬ 
chines.  The  service  is  based  on  Aven- 
tail's  EX-1500  appliance.  It  can  supple 
ment  Bell  Canada’s  Managed  Re¬ 
mote  Access  IP  VPN  based  on  IP 
Security. 
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Last  year,  Dell  sold  more  Linux  servers  in  the  U.S.  than  any  other  server  vendor!  And  here’s 

one  reason  why.  In  a  recent  Dell  test,  a  Dell/Oracle®  9//Linux  solution  running  an  Intel®  Xeon” 
processor-based  Dell  PowerEdge”  6650  4P  server  was  89%  faster  and  56%  less  expensive  than  a 
Sun  Fire  V480  4P  server  running  an  Oracle  9//Sun  Solaris  solution.2  To  see  complete  test  results,  go 
to  www.dell.com/migration16. 


There’s  little,  if  any,  debate:  Migrating  from  UNIX  to  a  standards-based  solution  lowers  cost  and 
increases  flexibility.  Dell  gives  you  both  mind-bending  performance  and  unparalleled  expertise,  all 
at  a  great  value.  And  the  entire  solution  is  backed  by  enterprise  level  24/7  service  and  support. 


The  migration  is  on.  Find  out  how  you  can  make  the  most  of  it  for  your  organization.  Call 
1-866-871-9882  or  go  to  the  Dell  UNIX  Migration  online  calculator 
at  www.dell.com/migration1 6  to  see  how  a  Dell  solution  can  lower 
your  migration  costs  and  help  simplify  the  transition. 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Every  time  MCI  appears  to  be  sorting 
itself  out,  a  new  calamity  hits.  AT&T 
has  filed  an  objection  to  MCIs  pend¬ 
ing  emergence  from  bankruptcy  that  is 
based  on  charges  that  MCI  has  illegally 
routed  calls  to  avoid  paying  millions  of  dol¬ 
lars  in  access  fees.  In  response,  the  General 
Services  Administration  wants  to  bar  MCI 
from  federal  contracts,  which  could  cost 
the  struggling  carrier  billions  of  dollars  and 
perhaps  its  ultimate  viability 
What’s  going  on? 

It’s  kind  of  like  nailing  A1  Capone  for  tax 
evasion.  Even  if  (as  I  believe)  MCI  is  guilty, 
call-termination  regulations  are  notorious¬ 
ly  Byzantine,  and  exploiting  loopholes  is 
somewhat  of  a  parlor  game  among  telcos. 
Furthermore,  while  “millions  of  dollars” 
sounds  like  a  lot  of  money,  it’s  a  few  hours 
of  operation  for  a  large  telco. 

The  underlying  issue  has  more  to  do 
with  an  almost-universal  resentment 
against  the  apparent  disparity  between 
MCI’s  behavior  and  the  company’s  pun¬ 
ishment.  If  “recklessly  and  dangerously 
mishandling  a  company”  was  a  crime, 
MCI’s  former  executives  would  be  guilty. 

That  crime  dwarfs  the  current  round  of 
fraud  charges:  Shareholders  lost  billions. 


Latest  MCI  ‘scandal'  isn't 
what  it  appears  to  be 


The  careers  of  thousands  of  MCI  employ¬ 
ees  were  injured  or  ruined,  as  were  those 
of  managers  at  other  telcos  —  notably 
Sprint  and  AT&T  —  who  reportedly  lost 
bonuses  and  even  jobs  because  of  their 
inability  to  keep  up  with  MCI’s  supposed 
“results.” 

Yet  MCI  appears  to  be  getting  away 
almost  scot-free.  With  its  debt  reduced  by 

As  long  as  AT&T  can  pro¬ 
long  uncertainty  facing 
its  rival,  MCI  will  con¬ 
tinue  to  lose  revenue . . . 

bankruptcy  and  its  infrastructure  and  cus¬ 
tomer  base  more  or  less  intact,  the  com¬ 
pany  actually  is  better  positioned  com¬ 
petitively  than  are  some  rivals.  So  the  cur¬ 
rent  round  of  accusations  and  charges 
look  almost  like  de  facto  justice:  a  way  to 
punish  MCI  for  the  larger  crimes  that  the 
courts  can’t  or  won’t  address. 

However,  AT&T  executives  aren’t  paid  to 
implement  justice  (de  facto  or  other¬ 
wise).  They  know  that  the  access-charge 
issue  is  so  minor  as  to  be  effectively  a  red 
herring. You  can  bet  that  deep  in  the  heart 
of  AT&T  exists  a  business  case  showing 
that  for  every  X  dollars  invested  in  the  law¬ 


suit,  AT&T  will  reapY  dollars  in  return.  For 
as  long  as  AT&T  can  prolong  the  uncer¬ 
tainty  facing  its  rival,  MCI  will  continue  to 
lose  revenue  —  a  certain  percentage  of 
which  will  go  to  AT&T. 

Is  this  a  good  thing?  It  is  if  you’re  AT&T.  It 
might  not  be  if  you’re  an  IT  executive 
whose  viable  telco  options  just  shrank  by 
one.  And  if  AT&T  succeeds  in  its  apparent 
endgame,  MCI  might  go  away  entirely  I 
don’t  see  how  network  executives  are 
served  by  reducing  the  competitiveness  of 
the  telco  market. 

I’m  not  defending  MCI,  and  I’m  emphati¬ 
cally  not  defending  its  former  managers, 
particularly  ex-CEO  Bernie  Ebbers  and  ex- 
CFO  Scott  Sullivan.  (I’d  like  to  see  them 
both  put  away  for  years.)  But  using  the  cur¬ 
rent  round  of  fraud  charges  as  a  justifica¬ 
tion  to  dissolve  MCI  is  like  taking  a  blow¬ 
torch  to  a  mosquito  —  it’ll  probably  work, 
but  the  collateral  damage  might  be  high. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


■  Read  more  about  reaction  from 
the  MCI  scandal.  PAGES  38  and  61. 


Visit  www.deil.com/migration16  and 
go  to  the  Dell  UNIX  Migration  online 
calculator  for  a  free  migration 
assessment.  Dell  offers  a  host  of 
end-to-end  migration  services, 
including  those  for  Oracle®  9/.  Call 
1-866-871-9882  today  to  speak  with 
a  Dell  representative.  Together,  you 
can  assess  your  individual  needs  and 
then  develop  a  cost-effective  plan  for 


Q  A 


Visual 

continued  from  page  25 

What  will  you  do  differently? 

I  certainly  think  we  need  to  look  at  how  best  to  distribute 
our  solutions  based  on  how  our  customers  want  to  buy.  A 
good  portion  of  our  customers  will  continue  to  want  to  buy 
via  the  carriers,  so  we  will  continue  to  support  the  carriers 
in  addressing  that  portion  of  the 
market  that  purchases  managed 
services  that  way.  We  want  to  go 
after  those  markets  that  may  want 
to  acquire  our  solutions  in  alter¬ 
nate  ways  as  well. 

I'm  having  trouble  imagining  an  alter¬ 
nate  way. 

Through  maybe  a  [value-added 
reseller] .  Maybe  you  want  to  buy 
from  us  directly.  Maybe  they  want  to 
buy  via  some  other  network-related 
offering.  A  good  example  of  that 
would  be  Cisco.  [Visual  monitoring 
software  is  an  option  on  some 
Cisco  platforms.]  That  would  be  one  example  of  taking  a 
portion  of  our  value  proposition,  putting  it  onto  a  piece  of 
hardware  that  gets  deployed  in  the  network  and  solves  busi¬ 
ness  problems  that  the  traditional  Visual  way  of  going 
through  the  service  providers  weren’t  allowing  us  to  get  to. 


So  if  you  think  about  what  we  did  with  Cisco  and  expand 
that  out  to  other  markets  with  other  technologies  and  other 
capabilities,  we’re  going  to  look  for  those  types  of  ways  to 
get  to  the  market. 

If  I'm  a  business  that  might  not  be  using  Visual  in  any  form,  on 
what  time  scale  might  I  expect  something  new  to  pop  up  to  make 
me  consider  buying  Visual  products? 

It  will  be  within  the  short  horizon,  by  the  end  of  the  year, 
let’s  say.  We’re  going  to  begin  to  deliv¬ 
er  our  solutions  more  keenly  focused 
around  market  segments  as  well, 
which  is  different  for  Visual.  We  basi¬ 
cally  had  the ‘circuit-switched  to 
packet  to  IP’  performance-manage¬ 
ment  story  Now  we’re  going  to  take 
that  very  good  story  and  apply  it  very 
specifically  into  targeted  markets. 

Does  that  mean  you'll  customize  a  pitch 
for  a  specific  market  like  government  or 
financial  services  or  creating  cus¬ 
tomized  versions  of  Visual  products  for 
these  segments? 

It  could  be  both.  1  think  the  easiest 
and  the  thing  you’ll  see  out  of  the  chutes  first  is  taking  the 
performance  management  value  of  Visual  and  applying  it 
specifically  to  the  individual  needs  of  the  businesses.  But  over 
time  it  wouldn’t  be  out  of  the  realm  of  possibility  that  we 
begin  to  develop  very  specific  capabilities  for  an  industry  ■ 


II  We  basically  had  the  ‘cir¬ 
cuit-switched  to  packet  to 
IP’  performance-manage¬ 
ment  stoty  Now  we're  going 
to  take  that  very  good  story 
and  apply  it  very  specifically 
into  targeted  markets.  11 
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Voice-activated  services  gaining  attention 


■  BY  STEPHEN  LAWSON 

AAA  Auto  Club  South  is  on  the  Web  ...  but  not  all  its 
members  are  there. 

“More  and  more  people  continue  to  use  our  Web 
site,  but  there  are  a  heck  of  a  lot  of  people  in  our  demo¬ 
graphic  who  still  want  to  do  business  by  phone,” says 
Mike  Petrilli, senior  vice  president  of  information  services. 
The  auto  club  offers  roadside  assistance,  insurance  and 
travel  services  to  3.5  million  members  in  Florida,  Georgia 
and  parts  of  Tennessee. 

The  club  wanted  to  let  members  pay  dues,  check  bills, 
change  addresses  and  carry  out  other  tasks  more  quickly 
over  the  phone,  24  hours  a  day  It  also  wanted  to  save 
money  on  call  centers. 

The  answer  was  automated  call  center  services  using 
speech  recognition  technology  But  rather  than  build  the 
system  itself,  the  club  turned  to  a  carrier. 

As  workers  become  more  mobile  and  companies  rely 
more  often  on  good,  fast,  always-available  support  to  hold 
customers,  services  based  on  speech  recognition  are 
starting  to  come  to  the  rescue.  Emerging  industry  stan¬ 
dards  are  helping  to  open  the  market  and  pave  the  way 
for  broader  adoption,  according  to  industry  experts. 

Speech  recognition  makes  it  practical  to  do  things  with 
a  phone  that  would  be  too  compli¬ 
cated  using  the  12-digit  keypad.  In 
some  cases,  callers  won’t  have  to 
work  their  way  through  a  hierarchy 
of  options  by  pressing  numbers  or 
saying  words.  Although  it’s  not  at 
the  point  where  systems  can  under¬ 
stand  anything  a  caller  might  say 
callers  no  longer  have  to  use  spe¬ 
cific  words.Voice  recognition  also 
can  trigger  transactions  without  a 
live  operator.  Combined  with 
speech-to-text  and  text-tospeech 
technology,  it  can  support  even 
more  emerging  applications. 

Several  carriers  have  built  these 
kinds  of  services  and  offer  them  to 
companies  on  site  or  at  a  central 
facility. 

The  auto  club  outsourced  its  sys¬ 
tem  to  WorldCom,  now  known  as 
MCI.  It  kept  the  HTML  applications 
it  uses  on  the  Web  for  selected  ser¬ 
vices  and  let  MCI  create  an  inter¬ 
face  between  those  applications 
and  a  speech  recognition  system. 

Now  when  club  members  move 
they  can  enter  a  change  of 
address  without  using  the  Web  or 
talking  to  an  operator. The  “voice 
portal”  prompts  the  caller  for  the 
postal  code  first,  and  then  matches  the  street  name  and 
address  the  caller  states  against  a  database  of  possible 
addresses  in  that  area.  Having  something  to  compare 
the  caller's  responses  to  aids  in  recognizing  the  spoken 
words,  Petrilli  says. 

The  club  pays  for  MCI’s  services  on  a  per-transaction 


basis.  Petrilli  compares  MCI’s  piece  of  the  system  with  a 
“black  box”  that  he  doesn’t  have  to  worry  about. 

“We  chose  to  use  an  outsourced  model . . .  primarily 
because  we  believe  this  technology  is  still  pretty  early  in 
its  life  cycle,”  Petrilli  says.’The  software  is  changing  very 
quickly  Why  sign  up  to  maintain  that  when  it’s  really  just  a 
side  job  for  us?” 

Voice-activated  services  might  count  most  on  the  road, 
where  users  might  have  just  one  data-access  device 
available:  a  mobile  phone. The  payoff  can  be  higher  pro¬ 
ductivity  For  example,  service  people  in  the  field  who 
have  just  finished  a  job  can  mark  the  ticket  item  as  com¬ 
pleted  just  by  calling  in  to  an  automated  system,  says 
Marcello  Typrin,  director  of  product  marketing  at  speech 
software  vendor  Nuance  Communications. 

Providing  a  speech-based  interface  to  applications  is  a 
good  thing  for  companies  to  outsource  to  a  carrier, says 
Mark  Plakias,  an  analyst  at  Zelos  Group.  In  most  cases, 
access  to  an  application  such  as  ERP  by  voice  is  only  a 
small  fraction  of  the  use  of  the  application,  he  says. 

“There’s  no  reason  the  enterprise  should  have  to  go  out 
and  buy  a  telephony  platform  to  do  this,”  Plakias  says.Ty- 
prin.on  the  other  hand, says  companies  can  save  on  oper¬ 
ating  expenses  by  owning  their  own  equipment,  and  more 
are  doing  so  as  they  become  confident  in  the  technology 
Companies  and  carriers  are 
using  speech  recognition  because 
it’s  getting  better,  according  to  ana¬ 
lysts.  More  powerful  processors 
and  refined  algorithms  are  at  the 
core  of  the  improvement.  Now,  at 
the  application  development  level, 
two  new  specifications  that  extend 
current  mark-up  languages  are 
helping  companies  and  service 
providers  get  started. 

Voice  XML  (VXML)  is  an  exten¬ 
sion  of  XML  that  lets  developers  for 
corporations  and  service  providers 
take  advantage  of  work  that 
already  has  been  done  to  put 
applications  and  information  on 
the  Web.  Released  in  Version  1 .0  in 
2000, it  is  now  inversion  2.0. VXML 
has  opened  the  voice-based  mar¬ 
ket  to  new  vendors,  such  as  start¬ 
up  VoiceGenie  Technologies,  while 
leading  existing  vendors  to  offer 
alternatives  to  their  proprietary 
software  platforms  using  VXML 
interpreter  software. 

Meanwhile,  the  Speech 
Application  Language  Tags  (SALT) 
standard,  backed  by  Cisco,  Intel 
and  Microsoft,  also  is  coming  on 
the  scene.  The  platform  is  based  on 
extensions  of  scripting  languages,  including  HTML  and 
XML  Microsoft  released  the  first  beta  of  its  SALT-based 
Speech  Server  in  July,  but  it  is  marketing  the  platform 
directly  to  corporations  and  not  to  service  providers. 

VXML  already  is  helping  developers  get  new  voice- 
based  services  out  more  quickly  and  painlessly. 


VoiceGenie’s  product  is  an  example  of  how  the  specifi¬ 
cation  can  work.The  company  makes  middleware  that 
runs  on  Linux.That  middleware  is  the  interface  between 
speech  recognition  systems  that  process  what  a  caller 
says  and  VXML  applications  that  answer  or  carry  out  tasks 
the  caller  requests, says  Eric  Jackson,  vice  president  of 
strategy  and  business  development  at  VoiceGenie. 

Traditionally  interfaces  between  speech  recognition  sys¬ 
tems  and  back-end  applications  have  come  in  the  form 

Emerging  industry  standards 
are  helping  to  open  the  market 
and  pave  the  way  for  broader 
adoption. 

of  proprietary  software  that  speech  recognition  platform 
vendors  have  written  for  their  own  systems,  according  to 
Zelos  Group’s  Plakias.The  advent  of  VXML  makes  voice- 
enabled  applications  less  dependent  on  the  platforms  on 
which  they  run.  As  soon  as  each  platform  maker  provides 
a  VXML  interpreter  to  run  VXML  applications  on  its  sys¬ 
tems  single  application  can  be  adapted  to  all  the  plat¬ 
forms  easily,  experts  say. 

The  specification  made  it  easier  and  less  expensive  for 
BBN  Technologies,  a  unit  of  Verizon,  to  develop  voice- 
activated  systems  for  Verizon  call  centers  that  also  are 
being  offered  to  other  carriers  and  corporations. 

“With  Voice  XML,  the  application  you  build  is  really 
yours,  regardless  of  what  systems  you  want  to  deploy’ says 
Marie  Meteer,  director  of  call  center  solutions  at  BBN. 
Once  an  application  for  a  voice-activated  service  has 
been  written,  it  doesn’t  have  to  be  rebuilt  from  scratch  if 
BBN  decides  to  change  hardware  and  software  platforms. 
That  means  companies  and  carriers  can  feel  more  confi¬ 
dent  about  making  an  investment  in  speech  recognition. 

“These  standards  are  growing  and  evolving  over  time, 
but  the  risks  are  relatively  low,  and  at  least  you  know 
them,”  Meteer  says. 

It  also  gives  carriers  a  larger  pool  of  qualified  develop¬ 
ers,  Meteer  says.  With  proprietary  platforms,  there  has  to 
be  at  least  one  developer  with  special  training  on  that 
platform.  By  contrast,  there  are  many  HTML  and  XML 
developers  who  can  make  the  leap  fairly  easily  to  work¬ 
ing  with  VXML,  she  says. 

SALT  boasts  similar  advantages  and  possibly  an  even 
bigger  developer  base.  It  is  a  lighter  set  of  extensions  to 
current  markup  languages  than  VXML  and  easier  for 
HTML  and  XML  developers  to  use,  Plakias  says. 

Analysts  and  industry  participants  are  optimistic  that 
VXML  and  SALT,  both  of  which  have  been  submitted  to 
the  World  Wide  Web  Consortium,  won’t  develop  the  type 
of  rivalry  between  them  that  has  stymied  development 
in  other  areas.The  two  specifications  are  heading 
toward  becoming  one  and  might  merge  by  the  end  of 
next  year,  according  to  Plakias. 

Lawson  is  a  correspondent  with  IDG  New  Service  s  San 
Francisco  bureau. 


What  it's  good  for 

Speech  recognition,  sometimes 
used  with  text-to-speech 
functions,  opens  up  a  range  of 
new  services. 

•  Automatic  routing  of  support  calls 
based  on  a  request  in  the  caller’s  own 
words. 

•  Voice-activated  transactions  such  as 
purchases  using  a  credit  card  number. 

•  Caller  authentication  through 
comparing  the  voice  to  a  “voiceprint." 

•  Outbound  messages  delivered  to 
many  recipients  in  the  most  appropriate 
form  for  the  device  they  are  using. 

•  Multimodal  applications  that  let 
users  speak  and  listen,  or  read  and 
write,  different  kinds  of  information  on 
one  device. 

•  Voice-activated  dialing. 

•  Hands-free  access  by  phone  to 
e-mail  and  a  personal  address  book. 

•  Audio  Short  Message  Service. 
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IPFIX  fine-tunes  traffic  analysis 


HOW  IT  WORKS 


IPFIX 


IPFIX  uses  a  standard  format  that  routers  can  use 
for  exporting  network  traffic  information  to  collection 
devices  and  network  management  systems. 


Incoming  network  traffic  flow 


Management 
application  GUI 


O  Router/switch  software  cache 
gathers  and  stores  accounting 
information  about  an  incoming 
traffic  flow. 

©  When  the  traffic  flow  expires,  the  router/switch  tells  the  collector  the  specific  set  of  fields,  lengths 
of  fields  and  other  information  it  can  expect  to  receive  about  the  traffic  flow.  Then  the  router/switch 
sends  the  data  to  the  collector  in  that  format. 

©  The  collector  receives  and  aggregates  network  statistics,  and  then  forwards  them  to  any  compliant 
vendor’s  application  for  display. 


■  BY  PAUL  KOHLER  AND  BENOIT  CLAISE 

Soon  it  will  be  easier  for  IT  managers  to 
extract  and  view  important  traffic  statistics 
stored  in  their  routers  so  they  can  better 
manage  their  networks. 

The  Internet  Engineering  Task  Force 
(IETF)  is  standardizing  the  format  used  for 
exporting  router-based  information  about 
network  traffic  flows  to  data  collection  de¬ 
vices  and  network  management  systems. 
The  proposed  standard,  IP  Flow  Infor¬ 
mation  Export  (IPFIX), will  work  across  any 
vendor’s  routers  and  management  applica¬ 
tions  that  support  the  protocol. 

In  other  words,  IT  departments  will  no 
longer  have  to  match  routers  supporting 
proprietary  export  formats  with  applica¬ 
tions  that  have  been  developed  specifical¬ 
ly  to  support  those  formats.The  export  for¬ 
mat  also  is  extensible,  so  network  man¬ 
agers  won’t  have  to  upgrade  their  router 
software  or  management  tools  as  their  traf¬ 
fic-monitoring  requirements  change. 

Exporting  network  traffic  information 
from  a  router  and  viewing  the  statistics  on 
a  per-flow  basis  gives  network  managers 
information  they  can  use  to  make  key 
decisions.  Administrators  who  know  how 
many  packets  and  bytes  are  sent  to  and 
from  certain  IP  addresses  or  across  spe¬ 
cific  network  interfaces  can  create  usage- 
based  departmental  charge-back  sys¬ 
tems.  They  also  can  use  the  information 
to  traffic-engineer  their  networks  for  opti¬ 
mum  performance. 

The  IETF  chose  Cisco  NetFlow  Version  9 
data-export  format  as  the  basis  for  IPFIX. 
IPFIX  defines  the  format  by  which  IP  flow 
information  can  be  transferred  from  an 
exporter  (router  or  switch)  to  a  collector. 
Applications  that  support  IPFIX  will 


understand  and  display  statistics  received 
from  any  router  that  also  supports  the 
standard. 

Network  managers  will  be  free  to  add  or 
change  the  fields  (the  specific  parameters 
and  protocols)  against  which  they  want  to 
monitor  their  IP  traffic  flows.  This  is  possi¬ 
ble  because  IPFIX  is  a  template-based  for¬ 
mat  for  data  export,  which  makes  it  exten¬ 
sible.  The  use  of  templates  means  network 
administrators  and  vendors  don’t  have  to 
alter  their  software  to  support  a  new  format 
every  time  a  company  wants  to  view  traffic 
statistics  based  on  different  criteria. 
Changes  that  corporations  might  desire  in¬ 
clude  adding  network  accounting  of  IPv6 


and/or  IP  Multicast  packets  to  existing  IPv4 
packet  monitoring. 

To  export  data,  routers  represent  each 
network  traffic  flow  based  on  seven  key 
fields: 

•  Source  IP  address. 

•  Destination  IP  address. 

•  Source  port. 

•  Destination  port. 

•  Layer  3  protocol  type. 

•  Type-of-service  byte. 

•  Input  logical  interface. 

If  all  seven  key  fields  in  two  different  pack¬ 
ets  match,  both  packets  are  designated  as 
belonging  to  the  same  flow.  Packets  in  that 
flow  are  compared  against  the  same  match 


criteria  and  counted.  Today  there  also  are 
additional  non-key  fields  that  can  be 
tracked  for  network  accounting  purposes 
in  many  systems,  such  as  the  source  IP 
mask,  destination  IP  mask,  source  auton¬ 
omous  system,  destination  autonomous 
system.TCP  flags,  destination  interface  and 
IP  next-hop. 

If  network  operators  want  to  account  for 
packets  based  on  additional  fields,  the  tem¬ 
plate-based  format  inserts  a  new  field  fol¬ 
lowing  the  export  packet  header  in  which 
new  template  records  can  be  added.  Each 
template  has  a  unique  ID  number  that  will 
match  a  traffic-flow  ID  number  to  associate 
a  given  template  to  the  appropriate  data 
record.  The  template  flow-set  establishes 
the  field  types  and  lengths,  while  the  ID 
number  ties  the  fields  to  the  specific  data¬ 
flow  export. 

The  IPFIX-compliant  router/switch  sends 
template  definitions  to  the  IPFIX-compliant 
collector  specifying  what  flow  records  it 
can  expect  and  in  what  order.  The  flow 
records  then  can  be  decoded  and  stored 
locally  on  the  devices. 

The  IETF  is  expected  to  submit  the  IPFIX 
drafts  for  publication  as  a  proposed  stan¬ 
dard  late  this  year  or  in  early  2004.  Using  a 
template-based,  flexible  file-format  ap¬ 
proach,  routers  will  have  a  common  way 
to  communicate  to  collection  devices 
and  applications,  letting  network  adminis¬ 
trators  quickly  amend  network  analysis 
without  having  to  make  major  software 
changes  to  their  systems. 

Kohler  is  a  technical  marketing  engineer 
in  the  Internet  Technologies  Division  at 
Cisco.  He  can  be  reached  at  pkohler@ 
cisco,  com.  Claise  is  technical  leader  at  Cisco 
and  can  be  reached  at  bclaise@cisco.com. 


Dr.  Internet  By  Steve  Blass 

I  have  a  VPN  problem:  My  network  connection  fails 
to  renew  the  dynamic  IP  address  once 
the  VPN  is  connected.  The  VPN  uses  a  PPP  adapter 
over  a  broadband  cable  connection.  The  cable 
provider  uses  Dynamic  Host  Configuration 
Protocol  to  lease  and  renew  IP  addresses.  I  had  no 
problems  releasing  the  IP  address  when  connect¬ 
ed  to  the  VPN.  When  I  moved  to  a  new  job,  the  VPN 
connection  between  the  home  PC  and  work  PC  was 
different  from  the  previous  company's.  The  old 


VPN  client  logged  on  to  a  Windows  domain;  the  new 
one  doesn't 

To  fix  the  problem  with  the  Microsoft  VPN  on 
Windows  2000  Professional,  adjust  the  VPN 
TCP/IP  settings  as  follows:  First,  disable  passing 
the  local  host’s  Internet  access  through  the 
remote  gateway  so  you  can  get  to  the  Internet 
without  going  through  the  corporate  network. 
Second,  remove  the  DNS  suffix  of  the  local  host 


for  the  VPN  T CP/IP  so  your  computer  can 
resolve  Internet  names  more  efficiently.  These 
adjustments  let  the  local  host  renew  the  IP  by 
directly  contacting  the  ISP's  DHCP  server  over 
the  Ethernet  adapter,  instead  of  tunneling  this 
action  through  the  PPP  adapter. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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Final  Samba  steps 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Last  week  we  dug  into  the  Samba  sys¬ 
tem  and  suggested  that  you  down¬ 
load  a  copy  so  we  could  set  it  up. 
Given  the  number  of  possible  server  oper¬ 
ating  systems  that  Samba  is  available  on, 
we’re  going  to  overview  this  procedure 
over  Linux. 

Depending  on  which  Linux  distribution 
you  use,  you  can  choose  to  install:  a  bi¬ 
nary  version  you  compile  from  source, 
which  is  likely  to  be  mandatory  if  you 
have  compiled  a  custom  Linux  kernel;  a 
pre-compiled  binary  version,  which  is 
usually  at  a  lower  release  level  than  you 
would  get  from  compiling  from  the  latest 
source;  or  as  a  “package” —  in  the  case  of 
Red  Hat  Linux,  this  is  the  “rpm”  version. 

For  those  of  you  not  familiar  with  RPM 
the  acronym  is  for  Red  Hat  Package 
Manager,  a  powerful  software  manage¬ 
ment  system  that  installs,  removes, 
upgrades,  verifies  and  builds  RPM 
archives.  These  archives  are  files  of  the 
type  .rpm  that  include  source  and  or  bina¬ 


ries,  package  identification  data,  compo¬ 
nent  checksums  and  scripts  for  carrying 
out  various  operations. 

There  are  all  sorts  of  variants  of  package 
managers  available  for  different  Linux  dis¬ 
tributions  such  as  the  ancient  Slackware 
Linux  installpkg  through  to  Debian’s  apt 
and  Red  Hat’s  rpm.  The  Samba  site  has 
downloadable  packages  for  most  of  the 
mainstream  package  managers,  which 
you’ll  find  in  the  appropriate  operating 
system  subdirectory 

Down  to  business 

As  much  as  we’d  like  to  discuss  the  intri¬ 
cacies  of  compiling  Samba  and  running 
package  managers,  space  prohibits,  so 
we’ll  suggest  that  you  check  the  docu¬ 
mentation  for  your  operating  system  and 
the  version  of  Samba  you  downloaded. 

Once  you  have  installed  Samba  it  needs 
to  be  configured.  Under  Red  Hat  Linux  9 
the  configuration  file  is  named  smb.conf 
and  is  created  by  the  rpm  processes  in 
/etc/samba. 

Here’s  a  simple  configuration  file: 
[global] 

workgroup  =  GEARHEAD 
encrypt  passwords  =  no 
[myshare] 

comment  =  My  documents 


Red  Hat  Package 
Manager  is  a  powerful 
software  management 
system  that  installs, 
removes,  upgrades, 
verifies  and  builds  RPM 
archives. 

path  =  /home/mgibbs/documents 
read  only  =  no 
guest  ok  =  yes 

The  global  section  above  declares  that 
we’re  defining  a  workgroup  named  GEAR- 
HEAD  and  that  we  don’t  want  to  use 
encrypted  passwords  (the  next  version  of 
Samba,  Version  3,  won’t  need  this  com¬ 
mand  because  passwords  will  be  en¬ 
crypted  by  default). The  myshare  section 
defines  a  share  of  the  same  name  that  has 
both  read  and  write  privileges  and  has 
guest  access  enabled  (a  horribly  unse¬ 
cure  combination). 

Now,  while  you  can  set  up  Samba’s  con¬ 
figuration  file  by  hand,  you  might  prefer  to 


www.nwfusion.com 


use  GUI-based  applications  such  as  the 
Samba  Web  Administration  Tool  (SWAT),  or 
if  you  are  running  Red  Hat  Linux  9,  the 
Samba  Configuration  tool  called  redhat- 
config-samba.  But  while  these  tools  are 
good  —  SWAT  is  by  far  the  most  sophisti¬ 
cated —  if  you  need  complex  custom  para¬ 
meters,  there’s  no  alternative  but  to  get 
down  and  dirty  with  a  text  editor. 

And  when  you  make  changes  to  a 
Samba  configuration  —  particularly  when 
you’ve  edited  it  by  hand  —  you  will  have 
the  problem  of  trying  to  figure  out  if  the 
configuration  will  work.  Before  you  do 
anything  else  you  should  run  the  program 
testparm,  which  scans  the  configuration 
file  for  syntactic  errors  and  dumps  all 
defined  and  defaulted  parameter  values 
to  the  console. 

Armed  with  this  information  and  with  the 
assistance  of  the  Samba  help  files,  you 
should  be  able  to  get  a  working  SMB  ser¬ 
vice  up  and  running.  We  also  would  highly 
recommend  that  you  get  a  copy  of  Using 
Samba  by  Ts,  Eckstein  and  Collier-Brown 
(O’Reilly  2003)  —  an  invaluable  and  thor¬ 
ough  reference  to  the  Samba  system. 

Next  week  will  be  something  completely 
different.  In  the  meantime  share  your  data 
with  gearhead@gibbs.com. 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Secure  that  IM  client! 

Security  company  Zone  Labs  this  week  is  expected  to 
announce  a  new  instant-messaging  security  product  that 
lets  end  users  secure  their  instant-messaging  client,  regard¬ 
less  of  the  client  or  service  used. 

Zone  Labs'  lMsecure  Pro  is  security  software  that  works 
with  AOL  Instant  Messenger,  MSN  Messenger  and  Yahoo! 
Messenger.  The  software  helps  secure  and  make  conver- 


The  "instant  protection”  setting  of  Zone  Labs'  lMsecure  Pro 
includes  a  security  log  that  records  events. 


sations  private,  and  protect  PCs  from 
potential  harm  from  hackers,  identity 
thieves,  spammers  and  other  predators 
who  might  take  advantage  of  instant-mes¬ 
saging  vulnerabilities.  The  company  says 
the  product  requires  no  changes  to  end 
users’  habits  and  works  in  the  back¬ 
ground.  lMsecure  Pro  secures  by  proto¬ 
col,  meaning  it  still  will  work  if  clients  are 
updated,  Zone  Labs  says. 

Version  1.0  supports  protection  for  the 
three  major  instant-messaging  services 
listed  above,  but  also  third-party  clients 
such  as  EasyMessage,  Imici,  Meca  and 
Trillian.  Other  features  include  an  “instant 
protection”  setting,  which  includes  a 
security  log  that  records  security  events; 
inbound  threat  protection,  such  as  pro¬ 
tecting  instant  messages  from  hackers 
using  malicious  codes  or  buffer  overflow 
attacks;  and  outbound  threat  protection, 
through  an  ID  Lock  that  prevents  users 
from  mistakenly  sending  personal  infor¬ 
mation  such  as  a  Social  Security  Number, 
bank  account  or  credit  card  numbers. 

This  feature  also  can  be  used  to  prevent 
children  from  giving  out  their  street 
addresses  or  school  addresses  via  instant 
messages  to  strangers. 

Additionally,  a  message-encryption  feature  is  included 
that  can  encrypt  traffic  between  any  two  lMsecure  Pro 
clients  (using  56-bit  encryption).  Other  settings  let  users 
block  file  transfers,  voice  and  video, and  save  bandwidth. 

The  Pro  version  costs  $20  with  a  year  of  free  updates, 
and  is  available  now  at  the  Zone  Labs  Web  site.  A  1 5-day 
trial  version  is  also  available.  For  basic  security,  a  free  ver¬ 
sion  (lMsecure)  offers  simple  instant-messaging  protec¬ 
tion  from  buffer-overflow  attacks  and  the  ability  to  encrypt 


The  Samsung  SPH-i500  combines  a  Palm 
PDA  with  a  mobile  phone. 

one  ID  at  one  instant-messaging  service. 
Designed  for  personal  and  non-profit 
users,  the  free  version  will  be  available  at 
the  end  of  this  month. 

Sprint/Samsung  launch  i500  Palm- 
based  smart  phone  • 

Sprint  last  week  announced  availabil¬ 
ity  of  the  Samsung  SPH-i500,  the  latest 
Palm  OS-based  smart  phone  (con¬ 
verged  device)  that  combines  a  Palm 
PDA  with  a  mobile  phone.  The  i500  is 
available  for  $600  through  the  Sprint 
PCS  Web  site  and  other  retailers. 

The  phone  includes  a  66-MHz  proces¬ 
sor,  16M  bytes  of  memory  and  a  color 
screen  (65,000  plus  colors)  in  a 
clamshell  design.  The  phone  can  con¬ 
nect  to  Sprint  PCS’  Code  Division 
Multiple  Access  lxRTT  network,  which 
provides  data  rates  on  average  between 
50K  and  70K  bit/sec,  Sprint  says.  The 
i500  includes  the  Blazer  Web  browser 
for  viewing  HTML-based  Web  sites  on 
the  device. 

Other  features  include  one-handed 
and  voice-activated  dialing,  and  customized  button 
assignments  that  let  users  pick  which  applications  or  func¬ 
tions  to  launch.  The  i500  comes  with  a  slim  lithium  ion 
battery  that  provides  up  to  2.8  hours  of  talk  time  and  up 
to  nine  days  of  digital  standby  Users  also  can  choose  a 
standard  battery,  which  offers  up  to  4.2  hours  of  talk  time 
and  up  to  15  days  of  digital  standby  time. 

Shaw  can  be  reached  at  kshaw@nww.com. 
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A  Week  of  Professional  Development;  S.  Insight 


6  Keynote  Addresses  & 


Jupiter  Research,  Integrated  Views,  Enterprise  Technology, 
s  YMP  o  s  i  u  m  End  User  Technology,  Access  &  Applications. 

Developers:  Utility  Computing,  Longhorn,  Security,  Encryption, 
□pen  Source,  Linux  Desktops,  Semantic  Web,  Data  Mining, 
Content  Delivery  Networks,  Digital  Rights  Mgmt.  and  more. 

Web  Services:  .NET  Framework,  C#  and  J#,  J2EE,  JMX, 
Websphere,  RSS  Feeds,  SOAP  and  UDDI,  WSDL,  .NET  Remoting, 
VoiceXML/SALT  and  more. 


Hardware  &  Systems  Networked  Storage,  DVD-RW,  Gigabit 
Ethernet,  Mesh  Networks,  Voice  Over  IP,  802.1  lx  Networks, 
RF  ID  Tagging  and  more. 


Enterprise  Executive:  IT  Management  Forum,  ROI  for  the  CTO, 
Human  Capital  Management,  Best  Practices  in  New  IT  and  more. 
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Vertical  Markets 
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Covered  Include: 
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■  Mobility 

■  Enterprise 

Analyst  Sponsor 

Applications 

Jupiterresearch. 

■  Security 

■  Network 

Management 

Exhibit/Sponsor 

Opportunities: 

■  Linux/Open  Source 

Online  or  Sean  Moriarty  at 

■  Storage 

smoriarty@jupitermedia.com 

■  Hardware 

or  (203)  662-2822 

■  Web  Services 

■  Application 

Registration: 

Development 

Online  or  Lillian  Potter  at 

registration@jupitermedia.com 

■  Convergence 

or  (203)  662-2857 

For  a  complete  listing  of  speakers,  session  descriptions,  sponsors, 
and  exhibitors,  or  to  register,  visit  the  event  Web  site  at 
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The  switch  that  adapts 
to  any  environment. 

And  always  will. 


Introducing  the  Matrix™  N-Series 

Scalability  and  security  adapted  to  your  enterprise. 


Because  your  needs  change  so  often,  you 
need  a  switch  that  can  keep  up.  That’s  the 
revolutionary  new  Matrix  N-Series.  Thanks 
to  an  exclusive  distributed  architecture — 
where  all  switching  and  control  functions 
reside  on  each  module — the  N-Series  lets 
you  cost-effectively  add  bandwidth,  users  and 
applications  on  the  fly.  And  no  other  switch 
offers  such  a  low  entry  cost. 

A  wide  range  of  secure  connectivity 
options  means  the  Matrix  N-Series  will 
scale  to  support  converged  applications 


like  video  streaming,  VoIP  and  more  without 
expensive  upgrades.  With  unsurpassed 
reliability,  flexibility  and  investment 
protection,  the  N-Series  is  a  key  component 
to  any  Business-Driven  Network .™ 

Now  and  always. 

For  a  FREE  whitepaper  on  the  Matrix 
N-Series  and  Multilayer  Packet  Classification, 
go  to  enterasys.com/nw/n-series 
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An  Executive  Summary  . ~  IDC 


Produced  by 


IDC  Perception  Survey  On  Wireless  Professional  Service! 


Summons 


In  our  personal  lives  and  within  the  traditional  workplace, 
the  boundaries  of  time  and  place  are  being  eliminated  by 
all  forms  of  mobile  computing  and  communications 
capabilities.  These  transformational  solutions  and 
technologies  underscore  the  notion  that  work  and  play  are 
no  longer  necessarily  physical  places;  rather,  they  are  activ¬ 
ities  that  can  be  performed  virtually  anywhere  at  virtually 
any  time.  This  concept  of  mobility  suggests  the  computing 
and  communications  landscape  of  the  next  five  years  will 
continue  to  evolve  to  a  point  at  which  wireless  infrastruc¬ 
ture  and  mobile  applications  will  enable  more  than  just 
untethered  voice  and  data  access  and  communications 
capability. 


In  a  very  tangible  sense,  the  deployment  of  a  more  robust 
and  secure  wireless  infrastructure  as  well  as  the  develop¬ 
ment  of  more  innovative  and  functional  mobile  application 
solutions  will  allow  forward-thinking  firms  to  experience 
the  benefits  of  a  fundamental  business  process  transforma¬ 
tion  (BPT).  A  transformation  that  will  reshape  the  way  in 
which  organizations  engage  employees,  customers,  supply 
chain  partners,  and  other  relevant  stakeholders. 


Written  by  Richard  Dean,  program  director  for  Infrastructure  Integration  and 
Support  Services  team  at  IDC 
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Building  a  Foundation  lor  Mobile  Solutions 

The  foundation  for  developing  an  enterprise -wide  mobile  solution  begins  with 
an  understanding  of  how'  the  integrauon  of  wireless  technologies  and  mobile  appli¬ 
cations  can  create  efficiencies  around  traditional  business  processes.  This  journey 
not  only  uncovers  the  benefits  of  mobility,  it  also  acknowledges  the  inherent 
challenges  (e.g.,  perceived  security  risks,  etc.)  associated  with  voice  and  data 
communications  transmitted  over  wireless  networks.  From  this  understanding, 
organizations  can  then  consider  the  necessary  steps  that  are  required  in  developing 
a  comprehensive  business  case  that  justifies  the  decision  to  pursue  or  postpone  such 
a  plan. 

In  planning  for  the  implementation  of  a  wireless  solution,  organizations 
typically  consider  many  variables  -  from  the  expected  return  on  investment,  to 
identifying  the  specific  business  processes  to  be  transformed,  to  educating  various 
user  groups  about  this  new'  or  expanded  technology- based  solution.  One  consid¬ 
eration  just  as  critical  in  determining  success  or  failure  is  for  these  organizations  to 
determine  at  a  very  early  stage  if  it  will  use  internal  IT  resources  or  select  an  outside 
services  firm  to  design,  build,  or  manage  some  portion  of  the  project.  External 
professional  services  firms  often  play  a  key  role  in  helping  their  clients  connect  the 
business  case  to  the  tangible  benefits  of  mobility  by  offering  high-value  consulting, 
integration,  and  managed  services.  These  service  activities  are  often  referred  to  as 
the  professional  services  offered  by  third  parties  (e.g.,  consulting  firms,  software 
vendors,  the  services  divisions  of  hardware  manufacturers,  and  value-added 
resellers)  to  help  a  client  isolate  and  define  a  business  problem  (e.g.,  supply  chain 
management)  and  then  design,  implement,  and  manage  a  customized  solution 
through  the  utilization  of  wireless  technologies  and  the  integration  of  customized 
vertical  applications. 

IOC’s  Report  Oilers  In-Depth  Analysis 

An  upcoming  research  report  (Marketplace  Perceptions  of  Wireless  Services 
Firms)  from  IDC,  produced  in  collaboration  with  NetworkWorld,  indicates  the 
end-user  community  has  wide-ranging  opinions  about  the  value  of  such  services 
and  the  vendors  that  purport  to  offer  the  “right”  solution  for  that  organization.  In 
one  of  the  most  extensive  studies  ever  conducted  of  the  wireless  professional 
services  markets,  IDC  surveyed  in  May  2003  a  total  of  459  individuals  (represent¬ 
ing  more  than  1 5  vertical  industries)  for  opinions  and  perceptions  of  the  wireless 
professional  services  industry  and  the  vendors  competing  in  the  marketplace. 

The  survey  instrument  was  created  to  elicit  detailed  responses  from  key  influ- 
encers  and  decision  makers  regarding  their  cognitive  association  and  experiences 
w  ith  (1)  the  wireless  solution  implementation  skills  of  external  providers,  and  (2) 
the  decision  maker’s  rationale  for  considering  but  ultimately  deciding  against  the 
implementation  of  a  wireless  solution.  Leveraging  this  direct  feedback  from  these 
respondents  that  were  chosen  for  the  IDC  Web-based  survey,  this  report, 
Marketplace  Perceptions  of  Wireless  Services  Firms,  describes  in  detail  the  percep¬ 
tions  and  opinions  of  influences  and  decision-makers  regarding  several  compelling 
issues,  including: 

•  Budget  and  funding  variances  for  wireless  and  mobile  projects 

•  Into  which  spending  allocation  categories  (i.e.,  devices,  hardware,  software, 
external  services)  budgeted  funds  are  likely  to  be  directed 

•  A  value  assessment  of  selected  services  attributes  (i.e.  technical  expertise, 
knowledge  of  core  business  model,  etc.) 

•  Marketplace  awareness  of  selected  vendors  that  offer  wireless  and  mobile 
consulting,  implementation,  and  managed  solutions  to  enterprises  and 
mobile  service  providers 

•  Perceived  performance  of  selected  vendors  that  offer  wireless  and  mobile 
consulting,  implementation,  and  managed  solutions  to  enterprises  and 
mobile  service  providers 


budget  for  wireless  or  mobile  infrastructure  hardware  and  application  solutions 
exceeded  $100,000.  See  Figures  1  and  2  below. 

Small  and  Medium  Sized  Organization’s  2002  Budgets  lor  Wireless  Solutions 

In  2002,  what  was  your  organization's  total  annual  budget  for  wireless  or 
mobile  infrastructure  hardware  and  application  solutions? 

□  Less  than  $9,999 

■  $10,000 -$49,999 

□  $50,000 -$99,999 

□  $100,000 -$249,999 

■  More  than  $500,000 

□  $250,000 -$499,999 


FIGURE  2 


Very  Large  Organization’s  2002  Budgets  lor  Wireless  Solutions 

In  2002,  what  was  your  organization's  total  annual  budget  for  wireless  or 
mobile  infrastructure  and  application  solutions? 


□  More  than  $500,000 

■  $50,000  -  $99,999 

□  $100,000  -  $249,999 

□  $250,000 -$499,999 

■  $10,000 -$49,999 

□  Less  than  $9,999 


Source:  IDC,  2003 


Preference  for  using  internal  IT  resources  or  selecting  an  outside  services  firm 
to  design,  build,  or  manage  some  portion  of  the  project  also  varies  by  the  size  of 
the  client  organization.  As  seen  in  Figure  3,  only  20%  of  all  respondents  from  the 
small  and  medium -sized  respondent  segment  have  used  an  external  services  firm  in 
implementing  any  part  of  a  wireless  solution.  For  very  large  organizations,  the 
percentage  of  client  organizations  that  have  used  external  services  vendors 
increases  to  41%.  See  Figure  4. 


FIGURE  3 


Percentage  ol  Small  and  Medium-Sized  Organizations  That  Have  Utilized 
External  Services  Firms  to  Implement  a  Wireless  Solution 


Yes 

20% 


No 

80% 


Comparative  Results 

Not  surprisingly,  while  the  results  indicate  many  services  firms  are  viewed  as 
extremely  competent  and  offer  exceptionally  high  levels  of  business  and  technolog¬ 
ical  expertise,  other  survey  respondents  indicate  a  general  lack  of  knowledge  and 
ev  en  some  skepticism  about  the  need  for  such  services.  For  instance,  many  self- 
sufficient  small  and  medium-sized  organizations  (for  the  purposes  of  segmenting 
the  respondent  base,  those  with  fewer  than  999  employees)  with  basic  network 
connectivity  requirements  and  more  modest  budgets  prefer  to  implement  such 
solutions  using  internal  resources.  One  key  reason  is  that  budgets  allocated  for 
wireless  solutions  from  the  small  to  medium-sized  respondent  base  tend  to  be 
quite  limited.  For  instance,  approximately  87%  of  this  segment  indicated  their 
2002  budget  for  wireless  or  mobile  infrastructure  hardware  and  application 
solutions  totaled  less  than  $100,000.  In  comparison,  just  over  60%  of  very  large 
organizations  (those  with  more  than  10,000  employees)  reported  their  2002 


FIGURE  <4 


Percentage  ol  Very  Large  Organizations  That  Have  Utilized  External  Services 
Firms  to  Implement  a  Wireless  Solution 


Source:  IDC,  2003 
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Budgets  and  Perceptions  from  the  Health  Care  Sector 

One  of  the  most  important  elements  of  IDC’s  extensive  report  is  its  reporting 
and  analysis  of  how  services  vendors  are  viewed  through  the  eyes  of  existing  and 
potential  customers.  Although  responses  were  collected  from  15  different  industry 
segments,  this  section  will  focus  on  selected  questions  and  answers  from  one  verti¬ 
cal  industry  that  continues  to  adopt  wireless  solutions  at  an  impressive  rate:  the 
heath  care  sector.  The  figures  below  offer  an  illustration  of  how  this  sector  is  invest¬ 
ing  in  wireless  solutions  and  why  marketplace  perceptions  can  shape  future 
business  opportunities  for  external  services  firms. 


FIGURE 


Reasons  for  Deploying  a  Wireless  Solution  in  Health  Care  Industry  (N=18) 
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□  To  improve  productivity  and 
operational  efficiency 

■  Business  Continuity  Solution 

□  Other 


83% 


FIGURE  6 


look  to  contain  costs,  enhance  productivity',  and  improve  security  in  response  to 
the  sweeping  changes  brought  on  by  the  Health  Insurance  Portability  and 
Accountability  Act  of  1996  (HIPAA). 

Recently,  telecommunications  provider  BellSouth  formally  announced  it 
implemented  a  large-scale  WLAN  project  for  Birmingham,  Alabama-based  St. 
Vincent’s  Hospital.  St.  Vincent’s,  a  338-bed  acute  care  hospital  serving  a  five- 
county  area,  is  a  member  of  Ascension  Health,  the  nation’s  largest  not-for-profit 
health  system.  St.  Vincent’s  is  designated  as  Ascension  Health’s  flagship  digital 
hospital  and  has  been  recognized  nationally  for  its  technology  initiatives. 

The  21st  Century  Healthcare  Provider.  For  the  past  decade,  St. 

Vincent’s  Hospital  has  been  recognized  as  one  of  the  leaders  in  developing  and 

deploying  technology  aimed  at  enhancing  patient  care.  St.  Vincent’s  innovative 

application  of  technology  that  helps  accelerate  efficiencies  in  the  healthcare 

system  is  highlighted  below: 

•  Pharmaceutical  and  patient  bar-code  scanning  at  bedside  to  prevent 
medication  errors 

•  Computerized  physician  order  entry  (CPOE)  to  provide  staff  physicians 
with  the  best  in  evidence-based  medicine  —  including  “best  practices” 
protocols  —  at  the  moment  of  medical  decision-making. 

•  St.  Vincent’s  patients  today  can  pre-register  at  home  using  the  hospital’s 
community  portal,  accelerating  the  admission  process. 

•  Staff  physicians  can  electronically  “sign”  their  orders  at  physician  PC 
stations  on  every  floor  of  St.  Vincent’s  648,385  square-foot  hospital 
campus. 

•  Wireless  bedside  registration  in  the  emergency  department  enables  family 
members  to  remain  at  the  patient’s  bedside  to  answer  admission  questions. 


2003  Budget  for  Wireless  Solutions  in  Health  Care  Industry 

For  fiscal  year  2003,  have  your  planned  expenditures  for  wireless  and  mobile 
solutions  been  reduced  or  delayed  due  to  the  general  economic  slowdown? 


Yes,  reduced 
severely 


11% 


Do  not  know 
11% 

Yes,  reduced  slightl 
17% 


□  No 

■  Yes,  reduced  slightly 

□  Do  not  know 

□  Yes,  reduced  severely 


FIGURE  7 


Top  5  Wireless  Services  Vendors  Based  on  Marketplace  Awareness 
In  the  Health  Care  Industry 


Cisco  Systems  :  o:: 


IBM  Global  Services  p .  :  ; :  '".:Y  TV  - ' ./  •  1 

Hewlett-Packard  L  '  ■  '-"J  LvS-.',.- ■‘■T---.-'"'". : I 

AT&T  |  . . . — — .  I 

Motorola  j  I 

80.0%  82.0%  84.0%  86.0%  88.0%  90.0%  92.0%  94.0%  96.0%  98.0% 


Source:  I  DC,  2003 


Mobility  In  Health  Care;  A  Case  Study 

One  of  the  wireless  market  segments  showing  signs  of  growth  is  the  wireless 
local  area  network  (WLAN)  deployment  space  as  enterprises  of  all  sizes  continue 
to  invest  to  improve  internal  operating  efficiencies  and  gain  a  competitive  advan¬ 
tage.  During  the  first  half  of  2003,  die  enterprise  sector  (particularly  retail, 
manufacturing,  education,  and  the  health  care  markets)  consistently  engaged  the 
services  of  firms  capable  of  providing  specialized  expertise  in  designing  and 
integrating  WLANs.  In  fact,  health  care  implementations  of  WLAN  solutions 
continue  to  display  great  promise  through  2006,  as  many  of  these  organizations 


BellSouth  as  a  Strategic  Partner 

BellSouth  has  been  successful  in  establishing  a  relationship  with  St.  Vincent’s 
not  solely  as  a  telecommunications  provider  or  reseller  of  networking  hardware. 
Rather,  BellSouth  has  become  a  strategic  partner  to  St.  Vincent’s  over  the  past 
decade  as  the  hospital  continuously  embraced  the  advantages  of  technology 
deployment.  In  working  with  St.  Vincent’s  on  the  WLAN  engagement,  BellSouth 
at  an  early  stage  began  working  with  key  hospital  administrators  to  win  Board 
approval  for  funding  this  nearly  $1  million  project. 

After  gaining  Board  approval,  BellSouth  then  began  designing  network  speci¬ 
fications  based  on  a  detailed  site  survey.  Individual  project  management  elements 
of  BellSouth’s  engagement  are  found  below. 

Radio  Site  Survey  Process  and  Overview.  BellSouth’s  radio  site  survey 
is  a  process  by  which  test  data  is  collected,  analyzed,  and  interpreted  by  techni¬ 
cians  to  determine  hardware  requirements  needed  to  achieve  reliable  RF 
propagation.  This  enables  use  of  the  selected  mobile  devices  in  the  areas 
required. 

Data  is  collected  by  establishing  two-way  radio  communications  via  a 
stationary  and  mobile  unit  at  various  points  within  a  facility  at  2.4GHz,  utiliz¬ 
ing  the  Direct  Sequence  and  Frequency  Hopping  method.  The  two  units 
consist  of  a  Cisco  PC  Card  radio  and  a  Cisco  Aironet  Access  Point  with  an 
external  antenna. 

Testing  is  performed  with  a  free  running  program  that  constantly  trans¬ 
mits,  checks,  and  echoes  data  packets  between  the  two  units.  Results  are 
continuously  displayed  to  provide  instantaneous  feedback.  The  mobile  unit  is 
moved  throughout  the  coverage  area,  and  results  are  analyzed  to  determine  the 
placement  and  quantity  of  equipment  required  for  reliable  RF  propagation 
coverage. 

Installation  Considerations.  In  deploying  WLAN  solutions,  BellSouth 
typically  does  not  accept  responsibility  for  the  integrity  of  the  underlying  wired 
network  to  which  the  access  points  are  attached  or  the  impact  of  additional 
WLAN  expansion. 

Electrical  Installation  Guidelines.  Cisco  Aironet  equipment 
(BellSouth’s  choice  for  this  engagement)  is  designed  to  work  on  the  generally 
available  in-building  power  supply.  However,  like  all  electronic  equipment,  its 
performance  is  subject  to  degradation  due  to  some  commonly  inherent  or 
random  electrical  problems  or  disturbances. 

Apart  from  building  configuration,  interior  usage,  and  electrical  consider.! 
tions,  there  are  other  elements  that  might  impact  the  performance  of  a  system 
that  should  be  considered  before  choosing  the  type  of  equipment.  These 
include: 

•  Ambient  temperature  ranges 

•  Dust,  dirt,  humidity,  and  weather  elements 

•  Planned  usage  (e.g.,  light  commercial  versus  industrial) 

•  Location  susceptibility  to  lightning  and/or  power  fluctuations 
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Warranty  of  Coverage.  BcllSouth’s  site  survey  results  as  reported  to  St. 
Vincent’s  were  guaranteed  for  30  days  from  the  site  survey  date  to  meet  or 
exceed  specifications  in  the  areas  illustrated  in  the  vendor’s  final  report,  if  the 
equipment  enumerated  is  installed,  configured,  and  tested  per  the  final  report. 

Any  changes  to  the  facility’s  structure  or  parameters  within  the  building 
may  create  the  need  for  an  additional  survey  of  the  site  for  an  additional  fee. 
Environmental  changes  can  affect  system  requirements,  creating  additional 
costs  in  labor  and  materials  for  this  client.  Also,  any  obstruction  of  an  access 
point  or  antenna  by  furniture  will  also  void  the  warranty  of  coverage. 

BellSouth  Security  Disclaimer.  Due  to  the  nature  of  wireless  communi¬ 
cations,  BellSouth  explains  to  clients  that  radio  signals  can  spread  beyond  the 
installation’s  perimeter.  This  creates  a  possibility  of  eavesdropping  on  and  inter¬ 
fering  with  communications.  The  Cisco  Aironet  350  series  supports  40-bit  and 
128-bit  encryption  for  wireless  communications,  and  every  effort  is  made  by 
Cisco  to  ensure  the  privacy  of  such  communications.  However,  BellSouth  and 
Cisco  cannot  be  held  responsible  for  any  security  breaches  created  by  installing 
and  running  a  wireless  network. 

Radio  Site  Survey  Results.  Based  on  the  results  of  BellSouth’s  site 
survey,  it  is  determined  mobile  coverage  needed  at  St.  Vincent’s  can  be 
achieved  through  installation  of  a  Cisco  Aironet  radio  system.  Units  are 
procured,  and  the  installation  process  begins  based  on: 

•  Type  and  amount  of  hardware  required 

•  A  system  configuration  plan 

•  A  detailed  architectural  drawing  and  coverage  area  needed 

Si.  Vincent’s  Expected  Return  on  Investment  (ROD 

Currently,  BellSouth  and  St.  Vincent’s  are  in  the  implementation  phase  of  the 
engagement.  At  the  conclusion  of  the  WLAN  project,  St.  Vincent’s  hopes  to  be 
able  to  provide  wireless  connectivity  throughout  its  four  main  campus  buildings 
and  provide  patient  care  personnel  with  access  to  a  wide  range  of  patient  medical 
record  information  via  the  use  of  secure  handheld  devices  (Hewlett-Packard’s 
iPAQ  pocket  PC).  In  addition,  the  hospital  also  expects  to  benefit  from  an 
improved  revenue  cycle  through  faster  reimbursements  from  health  insurance 
providers.  And,  finally,  St.  Vincent’s,  with  a  growing  reputation  as  a  technology 
leader,  expects  to  be  in  a  position  to  recruit  patient  care  personnel  more  effectively 
in  light  of  a  nationwide  shortage  of  skilled  health  care  practitioners. 

Size  of  the  Market  Opportunity 

In  terms  of  the  opportunity  for  firms  wishing  to  gain  share  in  this  market,  IDC 
sees  a  substantial  and  sustainable  future.  When  IDC  examines  and  sizes  the  total 
addressable  wireless  infrastructure  and  applications  services  market,  the  magnitude 
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In  this  position.  Mr.  Dean  manages  the  market  analysis,  commentary,  and  client 
support  for  all  of  the  research  areas  through  a  team  of  dedicated  research 
professionals.  Mr.  Dean  also  participates  in  IDC's  ongoing  international  research 
forum  to  explore  and  define  the  firm's  next  generation  services-focused  research 

architecture. 

Prior  to  joining  IDC,  Mr.  Dean  served  as  an  analyst  with  IDG's  Corporate  Services 
Group.  Previously,  Mr.  Dean  worked  in  analytical  positions  with  Hewlett-Packard 
Company  and  NEC.  He  has  authored  numerous  freelance  articles  in  a  variety  of 
publications  and  been  a  featured  analyst  in  several  trade  magazines.  In  addition, 
'  'i  Lean  has  been  quoted  frequently  in  various  media  including,  The  Wall  Street 
Joe:  cif  Investors'  Business  Daily,  Business  Week  and  he  has  appeared  as  a 
gc ,  ..  l  aiyst  on  several  syndicated  business  programs. 

Mr  t  earned  a  Master  of  Aits  degree  in  Business  Administration  from 
a  gcam  State  College  and  a  Bachelor  of  Arts  degree  in  Business 

tu  .  c  men*  from  Worcester  State  College. 


of  the  global  opportunity  becomes  clear.  In  total,  IDC  sees  spending  for  all  services 
activities  (with  the  exception  of  hardware  and  software  maintenance  and  support) 
reaching  $34. 5  billion  in  2003  and  nearly  doubling  to  $68.3  billion  by  the  end  of 
2007. 

The  factors  influencing  such  demand  for  various  wireless  and  mobile  consult¬ 
ing,  integration,  and  managed  service  segments  in  the  United  States  are  described 
in  detail  in  the  following  sections.  These  factors  are  dynamic  and  often  consist  of 
the  federal  and  state  regulatory  issues,  macroeconomic  concerns,  and  technologi¬ 
cal  developments,  which,  when  considered  in  totality,  help  shape  market  growth 
(or  decline)  within  the  industry  as  a  whole  and  within  certain  spending  segments 
(i.e.,  infrastructure  and  applications). 

Regulatory  Factors 

Among  the  regulatory  and  legislative  actions  with  the  potential  to  influence 
spending  in  the  wireless  marketplace  are,  separately,  the  Broadband  Jumpstart  Act 
and  E911  mandates. 

The  Broadband  lumpstart  Act 

First  drafted  in  late  2002  and  introduced  in  January  2003,  the  Broadband 
Jumpstart  Act  (also  known  as  the  Boxer-Alien  Bill  after  the  bill’s  sponsors.  Senators 
George  Allen  [R.-VA]  and  Barbara  Boxer  [D.-CA])  is  designed  to  accelerate  the 
proliferation  of  hotspots  using  the  5Ghz  spectrum  and  eliminate  signal  congestion 
and  interference.  The  goal  of  the  Jumpstart  Broadband  Act  is  to  cultivate  an 
environment  that  embraces  innovation  and  encourages  the  adoption  of  next- 
generation  wireless  broadband  Internet  devices.  The  bill’s  sponsors  also  hope  the 
legislation  builds  confidence  among  consumers,  investors,  and  innovators  in  the 
telecommunications  and  technology  industries  to  continue  the  expansion  of 
broadband  deployments  nationwide.  IDC  believes  the  Boxer- Allen  Bill,  while 
largely  symbolic,  represents  a  cornerstone  legislative  initiative  beneficial  to  the 
users  and  to  developers  of  Wi-Fi  technology  and  infrastructure  and  application 
services. 

Enhanced  911 

In  a  series  of  orders  since  1996,  the  Federal  Communications  Commission 
(FCC)  has  taken  action  to  improve  the  quality  and  reliability  of  911  emergency 
services  for  wireless  phone  users  by  adopting  rules  to  govern  the  availability  of  basic 
services  and  the  implementation  of  E91 1  for  wireless  services.  In  August  2000,  the 
FCC  adopted  an  order  to  implement  the  Wireless  Communications  and  Public 
Safety  Act  of  1999  (911  Act). 

The  FCC’s  wireless  911  rules  seek  to  improve  the  reliability  of  wireless  911 
services  and  to  provide  emergency  services  personnel  with  location  information 
that  will  enable  them  to  locate  and  assist  wireless  911  callers  more  effectively.  To 
further  these  goals,  the  agency  has  required  wireless  carriers  to  implement  E911 
service  in  two  phases,  subject  to  certain  conditions  and  schedules.  Phase  I  requires 
carriers,  on  appropriate  request  by  a  local  Public  Safety  Answering  Point  (PSAP), 
to  report  the  location  of  a  wireless  911  caller  and  the  location  of  the  antenna  that 
received  the  call.  Phase  II  requires  wireless  carriers  to  provide  far  more  precise 
location  information,  identifying  callers  to  within  50-100  meters  in  most  cases. 

The  deployment  of  E911  requires  the  development  of  new  technologies  and 
upgrades  to  local  911  PSAPs,  as  well  as  coordination  among  public  safety  agencies, 
wireless  carriers,  technology  vendors,  equipment  manufacturers,  and  local  wireline 
carriers.  The  FCC  established  a  four-year  rollout  schedule  for  Phase  II,  which 
began  October  1,  2001,  and  should  be  completed  by  December  31,  2005.  IDC 
expects  the  wireless  industry  to  spend  on  related  integration  services  through  2005 
to  meet  this  deadline. 

Macroeconomic 

In  2002,  corporate  scandals,  plunging  stock  markets,  and  record-setting 
bankruptcies  all  contributed  to  instability  in  the  IT  services  marketplace.  Although 
many  economic  factors  arc  impacting  the  wireless  services  marketplace  today, 
perhaps  none  has  placed  as  much  stress  on  vendor  profit  margins  as  price  deflation. 
Fierce  competition  within  the  industry  has  actually  forced  down  prices  for  some 
professional  services  activities.  For  example,  in  planning  the  design  of  a  wireless 
LAN,  a  radio  frequency  (RF)  technician  trained  in  network  design  measures 
analyzes  the  site  to  determine  the  locations  and  quantities  of  equipment  required 
to  ensure  100%  radio  coverage.  IDC  closely  monitors  wireless  professional  services 
price  points,  and  recent  research  indicates  the  fees  associated  with  site  survey 
consulting  activities  have  declined  during  the  past  24  months  by  approximately 
10%.  Although  pricing  constraints  for  wireless  professional  services  will  continue  to 
some  degree  in  2003,  IDC  sees  these  pressures  abating  during  the  year  as  demand 
conditions  stabilize  and  then  gradually  improve. 
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EDITORIAL 

John  Dix 

MCI:  The 
second  100 
days 

The  completion  of  Michael  Capellas’ second  100 
days  as  head  of  MCI  was  marked  by  the  arrival  of  a 
fraud  accusation  from  AT&T  and  news  that  the  feds 
might  bar  MCI  from  seeking  government  agency  business. 

That’s  a  far  cry  from  the  carefully  orchestrated  rah-rah 
fest  thrown  on  the  company  lawn  and  Webcast  to  the 
world  in  April  to  recount  the  accomplishments  of 
Capellas’  first  100  days,  which  were  indeed  action  packed 
—  new  management  sworn  in,  strategic  plan  completed, 
company  rebranded  and  reorganization  plan  approved. 

The  latest  round  of  bad  news  started  with  the  accusa¬ 
tion  by  AT&T,  SBC  and  Verizon  that  MCI  fraudulently 
routed  calls  through  Canada  to  avoid  paying  access  fees 
to  other  carriers.  MCI  countered  that  all  carriers  practice 
least-cost  routing  and  the  claims  against  it  “have  been 
made  solely  for  competitive  gain.” 

Some  observers  agree.  Investment  research  firm  Pre¬ 
cursor  Group  characterized  the  allegation  as  a  “transpar¬ 
ent  industry  assassination  attempt”  meant  to  derail  MCI’s 
emergence  from  bankruptcy  It  won’t  work,  Precursor 
argues.The  dollar  amount  is  too  low  and  the  regulatory 
area  in  question  too  complex  for  this  to  cause  trouble. 

But  while  that  mess  was  still  unfolding,  MCI  was  hit  with 
news  that  the  government  is  considering  prohibiting  it 
from  bidding  on  new  federal  contracts.  MCI  has  vowed  to 
fight  for  the  right  to  be  considered  for  future  work. 

How  does  all  of  this  news  sit  with  large  would-be  cus¬ 
tomers?  I  asked  two  multi-billion  dollar  outfits  if  the  blem¬ 
ishes  would  influence  their  decisions,  and  here’s  what 
they  had  to  say: 

“1  would  consider  them. There  needs  to  be  competition 
in  the  market,  and  MCI  was  a  positive  market  force  in  the 
past,  only  running  into  trouble  in  the  last  five  years  or  so. 
They  will  emerge  from  Chapter  1 1  in  decent  shape.” 

But  the  other  wasn’t  so  kind:“We  included  them  in  a 
RFP  with  a  lot  of  mixed  feelings  about  the  Chapter  1 1 
process.  We  thought  they  would  be  aggressive  on  pricing 
and  we  could  at  least  use  them  to  balance  cost.  But 
they've  been  one  of  the  most  expensive  so  we  eliminated 
them. The  all-smiling  sales  crew  has  not  lost  a  bit  of  its 
arrogance.  I’m  amazed  at  how  few  have  changed  their 
attitude.” 

Capellas  has  achieved  a  lot  in  a  short  time,  but  the  latest 
news  and  customer  views  like  the  latter  show  just  how 
much  further  he  has  to  go. 

Nonetheless, observers  say  MCI  will  likely  emerge  from 
bankruptcy  on  schedule  (the  next  milestone  is  a  confir¬ 
mation  hearing  Sept.  8),  even  in  the  face  of  these  latest 

developments. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


WLAN  rules  needed 

Regarding  Mark  Gibbs’ Gearhead  column  “Wrapping 
up  the  WLAN”  (www.nwfusion.com,  DocFinder: 
7123):  One  thing  missing  from  almost  every  wireless 
LAN  article  I  see  is  some  general  rules  for  setting  up 
a  WLAN.  Some  of  the  problems  that  usually  aren’t 
covered  but  should  be  include  how  to  place  the 
access  points  so  you  have  the  correct  coverage  area, 
how  to  beat  channel  problems,  and  the  problems  of 
two  different  frequencies. 

J.  Larry  Dishman 
Albuquerque,  N.M. 

In  defense  of  indents 

In  Mark  Gibbs’  Gearhead  column  “Potpourri  for 
geeks”  (DocFinder:  7124),  he  quotes  reader  John 
Gay  as  saying,  “Structuring  code  for  readability 
makes  sense,  but  embedding  intelligence  in  indents 
takes  us  back  to  the  80-column  punch  card  days, 
when  spaces  mattered  a  lot.”  It’s  easy  to  miss  a  semi¬ 
colon  when  reading  through  screens  of  code  trying 
to  find  a  problem.  It’s  much  easier  to  see  that  a  loop, 
if-then  or  case  structure  is  not  indented  properly. 

I  started  my  career  maintaining  two  COBOL  sys¬ 
tems  that  had  more  than  100  discrete  programs 
between  them,  and  each  program  typically  called 
up  to  20  “include”  sections. These  systems  had  been 
written  and/or  maintained  by  several  people  in  the 
past,  with  varying  levels  of  “clean  code”  discipline. 
Before  that,  I  was  a  lab  assistant  in  my  college  com¬ 
puter  lab.  Using  indentation  to  control  programming 
structure  is  the  best  idea  I’ve  heard  related  to  pro¬ 
gramming  languages  in  almost  20  years. 

Scott  Hutchinson 
Network  support  team 
Sheriff’s  Information  Systems 
Contra  Costa  County  Calif. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix.  editor  in 
chief,  Network  World,  1 18  Turnpike  Road.  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Hot  spots  not  so  hot 

Regarding  “Starbucks  gets  win-win  from  Wi-Fi” 
(DocFinder:  7125):  I’m  skeptical  thatT-Mobile  or  any¬ 
one  else  is  making  real  money  with  hot  spots.  It 
seems  useful  for  Starbucks  internal  use  and  as  a 
marketing  gimmick  for  the  public.  Recently  I  went  to 
a  hot-spot-enabled  Starbucks  and  was  able  to  gain 
access  to  several  other  wireless  access  points,  for 
free,  without  leaving  the  store. 

Charles  Stern 
New  York 

Extensible  protocols 

In  the  review  “XRN  Interconnect  architecture” 
(DocFinder:  7127), I  disagree  with  the  assessment  of 
Spanning  Tree  Protocol  (STP)  and  Layer  3  redun¬ 
dancy  with  Virtual  Router  Redundancy  Protocol 
(VRRP)  and  other  proprietary  variations  as  only 
being  able  to  provide  one  active  router  or  switch. 

STP  can  be  used  to  load  balance  virtual  LANs.  So, 
in  a  redundant  environment, a  switch  can  have  mul¬ 
tiple  uplinks  in  the  forwarding  state. With  Cisco’s  vari¬ 
ation  on  VRRPHot  Standby  Router  Protocol  (HSRP), 
all  routers  are  in  an  active  state  and  capable  of  for¬ 
warding  packets,  although  users  will  only  be  able  to 
use  one  default  gateway.  But  in  a  redundant  envi¬ 
ronment,  the  primary  default  gateway  for  each  VLAN 
can  alternate  between  the  routers,  giving  a  pseudo¬ 
load-balanced  environment  and  definitely  an  active- 
active  environment. 

Mark  McConnell 
Senior  network  engineer 
Coleman  Technologies 
Orlando 

Review  author  David  Newman  replies:  As  protocols, 
neither  STP  nor  VRRP  provide  for  active-active  configu¬ 
rations.  The  fact  that  either  can  be  extended  to  support 
active-active  with  the  help  of  more  protocols  (802.  lq 
VLANs  in  the  case  of  STP  and  Cisco’s  HSRP  instead  of 
VRRP)  doesn 't  mean  the  statement  was  inaccurate. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  7121 


iFrewetpr 

pw?T  of  we, 

SOLUTION,  WBj 
PKCT  OF  TFe 
p&)PLe(A... 


eMM 


wnu  windows,  thg  sowucn  is  rue  ptmeM 


www.nwfusion.com 


8/11/03 


NetwofkWorid 


INTRANET  ADVISER 

Daniel  Blum 


uly  2003  ushered  in  a  strong  Microsoft 
offensive  on  the  identity  management 
and  Web  services  standards  front.  In 
partnership  with  IBM  and  other  vendors, 
Microsoft  released  WS-Federation  specifica¬ 
tions  for  federated  sign-on,  attribute  services 
and  pseudonym  services  —  specifications 
that  partially  conflict  with  standards  from  the  Organization  for  the 
Advancement  of  Structured  Information  Standards  and  Liberty 
Alliance.  In  addition,  Microsoft  and  IBM  let  it  be  known  that  they 
reject  Service  Provisioning  Markup  Language,  which  OASIS  pro¬ 
duced  and  most  identity  management  vendors  have  adopted.  What 
should  we  make  of  these  hardball  maneuvers? 

The  good  news  is  that  WS-Federation  and  other  Microsoft-inspired 
Web  services  specifications  (collectively  dubbed  WS-*)  feature  what 
appears  to  be  an  open,  composable  and  extensible  architecture  for 
Web  services.  WS-*  embraces  Security  Assertion  Markup  Language 
(SAML)  messages  as  tokens,  offering  an  olive  branch  for  convergence. 
And  Microsoft  and  IBM  say  they  plan  reasonable  and  non-discrimina- 
tory  licensing  for  the  specifications.  From  these  standpoints,  WS-*  will 
help  bring  Web  services  and  federated  identity  closer  to  critical  mass. 

The  bad  news  is  that  when  it  comes  to  identity  management,  WS-*  is 
under-specified  and  only  one  of  its  components  has  been  submitted  to 
a  standards  body  Microsoft  and  IBM  say  they  need  more  time  to  perfect 
WS-Federation,  WS-Trust,WS-Policy  and  other  specifications  before  sub¬ 
mitting  them.  But  I’ve  heard  concerns  that  the  vendors  are  looking  for 
a  rubber  stamp  while  delaying  submission  risks,  freezing  important 


Out  of  the  desert,  into  OASIS 


OASIS  standards  work  or  freezing  the  market  for  federated  identity 

WS-*’s  theoretical  “best”should  not  become  the  enemy  of  SPML  and 
Liberty  Alliances  “better’’  While  SPML  schema  and  protocols  are  not 
loosely  coupled  enough  to  become  the  be-all, end-all  Web  services  pro¬ 
visioning  standards,  they  are  a  strong  step  forward  for  interoperable 
account  provisioning.  And  Liberty  Alliance’s  opt-in  account  linking  has 
immediate  applicability  to  multiple  business-to-consumer  and  busi- 
ness-to-employee  identity-management  scenarios  in  today’s  mature 
installed  base  of  browsers,  Web  servers  and  portals.  Liberty’s  identity- 
federation  specifications  are  a  good  start. The  work  now  beginning  at 
OASIS  to  combine  SAML  with  Liberty  and  enhance  both,  should  go  for¬ 
ward  to  create  a  powerful  and  extensible  identity-federation  architec¬ 
ture  for  customers. 

Even  today,  federated  identity  solutions  based  on  SAML  are  prolifer¬ 
ating,  reducing  sign-ons  and  help  desk  calls,  and  bringing  ROl  to  early 
adopters. You  should  feel  comfortable  moving  forward  with  SAML  for 
browser-based,  federated  sign-on,  and  with  OASIS-compliant  WS-secur- 
ity  header  technologies  that  let  Web  services  transmit  SAML  or  other 
tokens  such  as  Kerberos  tickets.  Also  evaluate  Liberty’s  Phase  1  Identity 
Federation.  And  join  others  in  the  industry  in  pushing  for  immediate 
submission  of  Microsoft  and  IBM’s  WS-*  identity-management-related 
specifications  to  OASIS  so  that  the  SAML  2.0  group  and  Liberty  Alliance 
can  move  forward  with  their  important  work. 


What  should 
we  make  of 
these  hardball 
maneuvers? 


Blum  is  senior  vice  president  and  research  director  with  Burton 
Group,  an  integrated  research,  consulting  and  advisory  service.  He  can 
be  reached  at  djb-feedback@earthiink.com. 
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Linda  Musthaler 

There’s  something  wrong  with  proposed 
anti-spam  legislation  when  one  of  the 
country’s  foremost  spammers  supports 
its  passage.  In  May,  self-proclaimed  “e-mail 
mass  marketer”  Ronnie  Scelson  testified  be¬ 
fore  the  U.S.  Senate  Committee  on  Com¬ 
merce,  Science  and  Transportation  in  a  hear¬ 
ing  about  possible  spam  legislation.  He  supports  bills  that  are  wending 
their  way  through  Congress. 

Most  would  agree  that  laws  are  needed  to  limit  unsolicited  commer¬ 
cial  email.  In  the  current  absence  of  a  federal  law, at  least  30  states  have 
passed  or  are  considering  spam  legislation.  However,  because  email 
doesn’t  stop  at  state  lines,  trying  to  address  the  issue  on  a  stateby-state 
basis  is  futile.  Some  would  argue  that  simply  addressing  spam  on  a 
national  basis  isn’t  enough  and  that  we  need  an  international  treaty 
governing  spam. 

Take  heart,  for  our  federal  legislators  are  attempting  to  act  on  the 
problem.  In  the  108th  Congress,  there  are  no  fewer  than  nine  bills  under 
consideration  by  the  Senate  or  House  of  Representatives.  Among  them 
are  the  Anti-Spam  Act  of  2003,  CAN-SPAM  Act  of  2003  and  Reduction  in 
Distribution  of  Spam  Act  of  2003.  (For  summaries  of  the  pending  legis¬ 
lation,  go  to  www.nwfusion.com,  DocFinder:  7128.) 

With  all  the  attention  lawmakers  are  giving  to  anti-spam  laws,  you’d 
think  that  the  owner  of  Scelson  Online  Marketing  would  be  running 
scared.  On  the  contrary  he  says  the  bills  legitimize  his  business  and  pro¬ 
tect  him  from  the  bullying  tactics  of  anti-spam  groups. 

The  crux  of  the  issue  is  the  opt-out  provision.  Most  of  the  legislative 
proposals  allow  for  the  existence  and  distribution  of  commercial 
e-mail,  as  long  as  there  is  a  provision  for  recipients  to  opt  out  of  receiv¬ 
ing  further  notices  from  that  sender  or  his  agents. 

From  a  consumer  standpoint,  that  means  that  you  or  1  must  respond 
to  each  piece  of  spam  to  initiate  the  opt-out  procedure  \vith  that  par¬ 
ticular  sender. The  fact  is,  opting  out  is  more  work  than  simply  delet¬ 


Spam  bills  have  unlikely  supporter 


ing  the  message. 

From  the  marketer’s  standpoint,  the  opt-out  procedure  lets  him  weed 
out  the  people  who  absolutely  aren’t  interested  in  his  messages,  leaving 
him  with  “good”  addresses.  It  also  makes  it  perfectly  legal  to  continue  to 
send  messages  to  people  who  don’t  say  “take  me  off  your  list.” 

Long  lists  of  anti-spam  groups,  including  the  Coalition  Against  Un¬ 
solicited  Commercial  E-mail  and  JunkBusters,  oppose  the  legislation 
based  on  the  premise  of  opt-out. 

Other  countries,  including  Australia, are  going  to  the  other  extreme, say¬ 
ing  that  recipients  must  opt  in  to  a  mass  marketer’s  mailing  list.  For  a 
spammer,  getting  intended  recipients  to  opt  in  is  a  heck  of  a  lot  harder 
than  letting  them  opt  out.  That’s  one  reason  Scelson  and  other  e-mail 
mass  marketers  like  the  U.S.  proposals. 

Scelson  raised  some  interesting  points  during  his  testimony  to 
Congress.  He  says  that  ISPs  have  blocked  his  mail,  and  thus  “the  indi¬ 
vidual  has  lost  the  right  to  get  any  e-mail  he  wants.” OK,  it’s  a  stretch,  but 
I  can  buy  that.  I’m  not  sure  I  want  MSN  or  AOL  deciding  which  e-mails 
I  should  get. 

Scelson  also  says  he  and  other  marketers  like  him  simply  will  move 
offshore  if  their  businesses  are  regulated  too  harshly  in  the  U.S.  This 
threat  underscores  the  fact  that  e-mail  is  a  global  phenomenon  and  it 
must  be  looked  at  on  a  global  basis.  No  matter  the  shortcomings  of  the 
current  crop  of  legislation,  I  welcome  anything  that  is  done  to  try  to 
limit  this  beast  we  call  spam.  We  need  to  start  taking  legislative  baby 
steps  and  then  amend  the  laws  later  if  they  are  found  to  be  ineffective. 
The  cost  of  dealing  with  spam  has  become  astronomical.  I  don’t  deny 
Scelson  and  his  peers  the  right  to  make  a  legitimate  living  in  this  coun¬ 
try  However, you  and  Land  our  employers  and  ISPs, shouldn’t  bear  the 
brunt  of  the  cost  of  his  business,  and  we  shouldn’t  be  forced  to  receive 
his  messages  if  we  don’t  want  them. 


No  matter  the 
shortcomings  of 
the  current  crop 
of  legislation,  I 
welcome  any¬ 
thing  that  is  done 
to  try  to  limit 
this  beast  we  call 
spam. 


Musthaler  is  vice  president  of  Currid  &  Company,  a  Houston  tech¬ 
nology  consulting  firm.  She  can  be  reached  at  linda@currid.corn. 
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Network  director  wins  funding  for  major  upgrade  of 
San  Francisco  campus  network.  Now  his  team  faces 
tough  design  issues  and  tight  deadlines. 


■  BY  JEFFREY  FRITZ,  DIRECTOR  OF  ENTERPRISE 
NETWORK  SERVICES,  UCSF 

By  any  measure,  the  enterprise  network  at  the  Univer¬ 
sity  of  California, San  Francisco,  is  a  big  one.  It  has 
20,000  nodes,  15,000  switch  ports,  three  Class  B  licenses 
(192,000  IP  addresses),  and  encompasses  three  medical 
campuses  and  four  hospitals  in  San  Francisco,  plus 
more  than  100  remote  campuses  and  regional  clinics 
throughout  California. 

The  network  is  heterogeneous,  with  devices  from  3Com, 
Avaya,  Cisco,  Enterasys  Networks,  Foundry  Networks  and 
Nortel. The  network  backbone  is  multi-protocol  (IPIPX/ 
SPX, AppleTalk), and  there  are  multiple  routing  protocols 
(Open  Shortest  Path  First  [OSPF],  Enhanced  Interior 
Gateway  Routing  Protocol  [EIGRP]  and  Routing  Inform¬ 
ation  Protocol).The  core  of  the  network  is  a  SONET  ring 
at  the  Parnassus  Heights  main  campus, and  most  San 
Francisco  sites  connect  to  it  over  ATM. 

The  complexity  of  this  infrastructure  makes  life  difficult 
for  the  six-person  network  operations  center  staff. They 
must  have  an  intimate  knowledge  of  multiple  switch/ 
router  operating  systems,  multiple  protocols  and  multi¬ 
ple  network  monitoring  applications.The  way  things 
stand  today  it  could  take  hours  to  detect  an  intrusion 
attack  and  days  to  react  to  it. 

Not  only  that,  the  network  infrastructure  is  becoming 
obsolete.  Some  devices  are  1 1  years  old  —  well  exceed¬ 
ing  their  three-  to  five-year  life  spans. Some  of  the  cabling 
is  Category  3  or  older. 

And  from  a  design  perspective,  the  network  topology 
no  longer  makes  sense.  Devices  were  reverse-engineered 


San  Francisco 
General  Hospital 


Layer  3  switch 


DWDM  switch 


DWDM  switch 


Optical-ring 
protected  lambdas 


Mission  Center 
building 


DWDM  switch 


Layer  3  switch 


DWDM  switch 


Layer  3  switch 


Parnassus  Heights 
Campus  A 


Design  plan  for  new  campus  network 


The  toughest  decision  for  the  design  team  was  whether  to  go  with  a  full-mesh 
core  with  dual  homing  from  each  remote  site  to  the  core  network,  or  a 
protected-ring  topology.  The  full-mesh  topology  would  provide  maximum 
redundancy  but  would  be  complex  and  require  more  fiber  than  a  ring  setup. 
In  the  end,  the  team  selected  a  hybrid  approach  —  the  core  of  the  network 
would  be  a  ring,  but  each  remote  location  would  have  dual-homed  connections. 
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1,146 

By  vendor 

Cabletron/Enterasys 

910 

Cisco 

152 

Foundry 

60 

Other  vendors 

24 

By  device  type 
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57 
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into  the  network  over  time  on  an  as-needed  basis,  caus¬ 
ing  the  network  to  have  no  “flow"  in  its  topology  and  little 
rhyme  or  reason  in  its  design. 

Instead  of  a  well-groomed  lawn,  the  network  looks  like 
weeds  in  a  garden.  While  the  university  briefly  consid¬ 
ered  upgrading  the  network  slowly  over  time,  it  soon 
became  obvious  that  nothing  less  than  a  full-blown, 
immediate  network  upgrade  would  do. 

Building  the  business  case 

Network  architects  are  reluctant  salespeople,  but  we 
realized  that  we  were  going  to  have  to  put  our  technolo¬ 
gist  hats  aside  and  become  marketing  gurus, spreading 
the  word  about  the  need  and  the  vision  for  a  UCSF  Next 
Generation  metropolitan-area  network  (NGMAN). 

Enterprise  Network  Services  put  together  the  business 
case,  which  was  vetted  by  Ken  Orgill,  CIO  and  assistant 
vice  chancellor  for  IT  Services.  Before  a  Chancellors’ 
retreat  in  Maya  briefing  was  sent  out  describing  the 
NGMAN  plan.  We  also  put  together  a  PowerPoint  presen¬ 
tation  describing  the  current  network,  the  need  for  the 
NGMAN,  and  the  estimated  costs  and  benefits  to  the 
campus.  One  key  point  was  that  having  a  new  network 
with  far  fewer  routers  and  switches  likely  would  reduce 
operating  costs. 

Enterprise  Network  Services  (ENS)  members  also 
spoke  with  influential  campus  users,  gained  support 
from  the  campus  Computer  Support  Coordinators  and 
actively  promoted  the  NGMAN  to  key  campus  technol¬ 
ogy  groups  such  as  UCSF  IT  Governance  Network 
Subcommittee. 

Orgill  made  a  formal  presentation  at  the  Chancellors 
Retreat, and  all  the  work  paid  off  handsomely  with  a  mul- 
timillion-dollar  allocation  spread  over  three  years.  Chan¬ 
cellor  J.  Michael  Bishop  approved  our  proposal  in  June, 
saying, “UCSF  is  a  first-rate  medical  institution  with  a  third- 


rate  network.  Now  let’s  do  something  about  this.” 

Determining  the  network  applications 

We  were  elated  to  have  received  quick  approval  for 
our  proposal.  But  our  joy  was  short-lived  when  we  no¬ 
ticed  the  tight  time  frames  that  had  been  handed  to  us. 
The  go-live  date  and  migration  of  the  first  users  had  to 
occur  within  14  months  of  project  approval.  Migration  of 
all  users  to  the  new  network  had  to  be  completed  in  12 
to  18  months  after  the  NGMAN  went  live. 

Fourteen  months  isn’t  a  long  time  to  implement  a  top- 
down  network  redesign,  especially  with  a  four-  to  five- 
month  RFP  process  ahead  of  us.  We  needed  to  deter¬ 
mine  the  major  requirements  and  key  network  applica¬ 
tions  within  a  few  weeks. 

We  began  by  examining  the  current  network  applica¬ 
tions,  talking  to  end  users  and  doing  a  little  judicious 
forecasting. The  medical  center,  School  of  Medicine, 
medical  researchers  and  library  IT  staffs  helped  identify 
potential  applications,  such  as  medical  imaging  distribu¬ 
tion  (MRI.CT  scans),  and  remote  clinician  consultation/ 
diagnosis. 

IP  telephony,  distance  learning  and  high-definition 
video  distribution  were  also  obvious  applications.Secure 
e-mail  and  transfer  of  research,  patient,  doctor  and  stu¬ 
dent  information  also  were  pegged  as  key  applications. 
On  top  of  that,  all  network-based  medical  applications 
had  to  comply  with  the  Health  Insurance  Portability  and 
Accountability  Act. 

Culling  this  together  gave  us  a  pretty  good  base  from 
which  to  forecast  the  network  applications  that  would 
need  to  be  supported  over  the  NGMAN. 

The  design  team 

Once  we  had  established  the  underlying  network 
applications,  and  thus  the  nature  of  the  network,  it  was 


Remote  offices 


time  to  put  together  a  design  team. 

No  one  knows  better  how  a  network  design  should 
operate  than  the  people  charged  with  installing  and  oper¬ 
ating  the  network.Therefore,  all  four  ENS  units  (Enterprise 
Architecture  Design,  Network  Operations,  Enterprise  Proj¬ 
ect  Management  and  Enterprise  Production  Services) 
were  included. 

From  the  beginning,  we  determined  that  the  best  way  to 
get  user  needs  incorporated  into  the  design  and  achieve 
user  buy-in  was  to  involve  technical  members  of  the  user 
community.  Consequently,  representatives  from  the  med¬ 
ical  center,  School  of  Medicine,  School  of  Nursing,  med¬ 
ical  researchers  and  library  IT  staffs  joined  the  design 
team. 

The  team  also  included  volunteers  from  the  technical 
staffs  of  three  major  vendors:  Cisco,  Foundry  and  SBC.  It 
was  a  bit  tricky  to  orchestrate  their  participation  because 
of  vendors’  conflicting  interests.  But  the  vendor  technical 
staffs  promised  to  play  fair,  and  for  the  most  part  they  did. 
We  made  sure  that  they  did  not  participate  in  the  RFP  ere 
ation  or  award  decision  process  —  and  their  involvement 
had  to  cease  before  a  California  law  limiting  vendor  in¬ 
volvement  in  design  efforts  took  effect  on  July  1 . 

However,  their  participation  was  worth  the  effort. They 
called  on  technical  resources  unavailable  to  us,  making 
them  a  valuable  addition  to  the  team. 

There  was  one  other  important  team  member  — 
Material  Management,  the  UCSF  procurement  unit. These 
are  the  folks  who  know  how  to  purchase  the  equipment 
and  services  needed  for  a  project  of  this  nature. 

Altogether  there  were  16  people  on  the  team. The  size 
of  the  group  meant  that  we  had  to  be  especially  consid¬ 
erate  of  each  other  and  work  to  keep  the  design  moving 
ahead  expeditiously. 

The  sky  is  the  limit 

The  best  designs  come  from  a  combination  of  blue-sky 
dreaming  and  slice-and-dice  reality.  During  the  blue-sky 
process,  there  are  no  practical  limitations,  cost  is  no 
issue,  and  the  resources  are  infinite.  No  one  is  critical  of 
any  idea. This  lets  the  designers  be  as  creative  as  possi¬ 
ble.  Once  the  list  is  as  comprehensive  as  it  is  likely  to  be, 
the  slice-and-dice  phase  begins.  Here  the  designers 
become  critics,  hacking  away  at  impractical  or  inordi¬ 
nately  expensive  items  on  the  list.  Because  everyone  is 
allowed  to  be  a  contributor  to  the  blue-sky  process  and 
a  critic  during  the  slice-and-dice  phase,  no  one’s  ego  is 
on  the  line.  If  conducted  properly,  the  result  is  the  best 
possible  design  elements. 

Before  the  design  process  could  begin  in  full  force, sev¬ 
eral  decisions  had  to  be  made.The  previous  network 
used  a  SONET  transport. There’s  nothing  inherently  wrong 
with  SONET,  but  in  many  ways, SONET  is  showing  its  age. 

It  is  somewhat  limited  in  scalability  only  supports  one 
lambda  (light  wave)  and  usually  requires  a  managed  ser¬ 
vice  from  the  provider. 

The  option  of  converting  from  SONET  to  coarse  wave¬ 
length  division  multiplexing  or  even  dense  WDM  was 
extremely  attractive.  It  would  let  the  UCSF  network  staff 
manage  its  own  Layer  1  transport,  increasing  or  decreas¬ 
ing  the  bandwidth  and  number  of  lambdas  (optical 
channels)  as  required.  And  it  would  provide  multiple  vir¬ 
tual  fiber  pathways  over  one  pair  of  fiber  strands,  mean 
ing  far  fewer  fiber  pulls  in  the  future. 

The  existing  network  uses  an  ATM  backbone.  While  the 
technology  still  makes  sense  in  a  service  provider’s  net¬ 
work,  the  complexity  of  ATM  makes  it  unwieldy  in  an 
enterprise  network. The  simplicity  of  Gigabit  Ethernet 
combined  with  its  ever-growing  bandwidth  (1G  and  inf 
byte/sec  today  and  the  promise  of  40G  byte/sec  tom  . 
row)  made  it  a  natural. That  made  the  decision  to  go 
with  Gigabit  Ethernet  in  the  core  network  a  no-braine: 

There  was  a  plan  underway  to  take  the  existing  net¬ 
work  from  multi-protocol  to  single  protocol.  We  saw  n< 
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Next-generation  MAN 
design  criteria 

Optical  core 

•  Redundancy. 

•  Self-healing. 

•Multiple  lambdas  (DWDM). 

Layer  2, Layer  3 

•  IP  only  (single  protocol)  backbone. 

•  Standards-based  protocols  only. 

•  iG-byte  Ethernet  backbone  (lOG-byte  Ethernet  ready). 

•  IG-byte  Ethernet  to  building  distribution  points  (10G- 
byte  Ethernet  ready). 

•Stateful  awareness,  re-routable  backbone. 


System 

•  Low  network  latency  (end-to-end). 

•  Minimal  jitter. 

•  Scalability. 

•COS. 

•  Modularity  (no  forklift  upgrades). 

•  Robust  network  management,  including 
Layer  1  monitoring. 

•Out-of-band  management. 

•  UPS  providing  a  minimum  of  20  minutes 
holding  time  for  all  network  devices. 

•  24-7  technical  support  with  four  hours 
on-site  part  delivery  every  day  of  the  year. 


Note:  Core  is  defined  as  the  optical  LI  infrastructure.  Backbone  is  defined  as  the  L2-L3  IP  network. 
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-eason  to  deviate  from  this  plan. The  new 
network  would  be  all  IP 
Furthermore,  Layer  3  ASIC-based  switch¬ 
ing  offers  the  speed  advantages  of  bridg¬ 
ing  at  Layer  2  with  the  intelligence  of  rout¬ 
ing,  so  we  made  the  core  network  Layer  3 
switched.  As  for  the  core  protocol, we 
divorced  ourselves  from  Cisco’s  propri¬ 


etary  EIGRP  and  went  with  OSPF 

To  manage  or  not  to  manage 

We  had  settled  on  Gigabit  Ethernet  rid¬ 
ing  over  some  flavor  of  WDM.  Now  we 
had  to  refocus  on  Layer  1.  Would  it  be 
managed  or  unmanaged? 

UCSF  doesn’t  have  the  staff  or  expertise 


to  descend  into  the  depths  of  the  city’s 
manholes  to  splice  or  pull  fiber. There¬ 
fore,  everyone  agreed  that  a  service 
provider  should  manage  the  physical 
fiber  infrastructure.  However,  the  design 
team  was  divided  on  whether  the  lamb¬ 
das  should  be  managed. 

Some  team  members  favored  unman- 
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aged  (dark)  fiber. They  said  managed 
lambdas  would  be  limiting,  because 
changes  generally  have  to  be  submitted 
ahead  of  time  to  the  service  providers. 
They  argued  that  adding  capacity  could 
require  contract  and  service-level  agree¬ 
ment  renegotiation  in  addition  to  long 
lead  times. 

Other  team  members  said  they  believed 
managed  lambdas  would  make  our  task 
easier  because  we  could  leave  it  up  to 
the  service  provider  to  handle  the  light 
waves.They  were  concerned  about  the 
additional  training  required  if  we  went 
the  unmanaged  route. They  noted  that  it 
wasn’t  clear  whether  we  could  even  ob¬ 
tain  dark  fiber  at  every  location  in  San 
Francisco  that  we  needed  to  connect  to 
the  NGMAN. 

We  agonized  over  this  decision  for  sev¬ 
eral  weeks  and  finally  decided  to  offer 
vendors  the  opportunity  to  bid  on  both 
managed  and  unmanaged  fiber  solu- 
tions.This  affords  us  a  closer  look  at  the 
pluses  and  minuses  of  each  approach  as 
part  of  the  RFP  responses. 

Topology  selection  was  nearly  as  con¬ 
troversial  as  the  managed  lambda  deci¬ 
sion.  For  the  ultimate  in  reliability,  some 
team  members  preferred  a  full-mesh  core 
with  dual  homing  of  the  Building  Distri¬ 
bution  Facilities  (BDF)  that  serve  as  con¬ 
nection  points  between  the  campus 
buildings  and  the  core  network.  Others 
preferred  a  protected  ring  configuration. 
They  said  a  protected  ring  was  nearly  as 
redundant,  was  less  complex  and  re¬ 
quired  less  fiber  than  a  full  mesh. The  dis¬ 
cussions  got  quite  heated  at  times. 

To  resolve  the  issue,  the  group  was  arbi¬ 
trarily  split  into  two  teams.  Each  team  of 
eight  people  was  given  a  week  to  create  a 
design. 

A  week  later  both  groups  put  their  de¬ 
signs  side  by  side  on  white  boards.  Each 
argued  the  relative  advantages  of  their 
configuration  and  poihted  out  weakness¬ 
es  in  the  other  team’s  topology  Both 
teams  created  strong  designs,  and,  frankly, 
either  would  have  sufficed  as  a  decent 
backbone  design.  But  in  listening  to  the 
arguments  it  quickly  became  clear  to  that 
the  best  solution  was  a  hybrid  design  that 
included  elements  of  both  topologies. 
The  final  topology  selected  was  a  protect¬ 
ed  ring  core  with  dual-homed  connec¬ 
tions  from  the  BDFs. 

What’s  next 

In  the  second  part  of  this  series  —  to 
be  published  in  about  three  months 
when  the  RFP  process  is  completed  — 
we  will  talk  about  the  implementation  of 
the  RFRvendor  selection,  pre-installation 
testing  and  the  issues  we  encounter  as 
we  take  the  design  from  whiteboard  to 
procurement. 

Fritz  is  the  director  of  Enterprise  Network 
Services  for  the  University  of  California, 

San  Francisco.  He  is  the  author  of  Remote 
LAN  Access:  a  guide  for  networkers  and 
the  rest  of  us  and  Sensible  ISDN  Data 
Applications.  He  can  be  reached  at 
jfritz@its.  ucsf.edu. 
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It's  crunch  time  for  WAN 
managers.  The  snap-back  of 
budgets  and  the  sting  of 
expectations  now  demand  new 
answers  from  you.  Solutions 
like  identity-based  services. 
Bandwidth  optimization.  VoIP  that  works.  VPNs  that  fit.  True  enterprisewide 
WAN  benefits  that  are  evident,  effective,  efficient  and  excuse-free. 

It's  time  for  WANs:  Answering  the  Demand  for  Optimized  Services,  the  new 
Network  World  Technology  Tour  event  focused  on:  disciplined  bandwidth 
management,  caching  and  compression.  Optimized  services  that  run  over 
your  established  infrastructure.  Access  you  can  control,  partition  and  protect. 
Metered  monitoring  you  can  evaluate  in  real  time.  Standards  that  finally  deliver 
long-delayed  benefits  to  VPNs  and  VoIP.  The  WAN  challenge  has  never  been 
greater.  And  you  need  to  meet  it  head  on.  Act  now!  Optimize  the  benefits  you 
deliver  enterprisewide. 

Advance  Reservation  by  Qualified  Professionals  is  Required 
for  Complimentary  Attendance 

REGISTER  NOW! 

Online  at  www.nwfusion.com/events/wan2  or 
call  1-800-643-4668 

PLATINUM  PRESENTING  SPONSORS: 
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To  1 o/n  sponsors  of  this  premier  Network  World  Event  please  contact  Andrea  D' Amato  at  508-490-6520  or  adamato@nww.com  for  free,  no-obligation  information 
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EMC  CELERRA  NS600 
NAS  DEVICE 


EMC  offers  high-end  NAS 
features  at  a  mid-range  price 

■  BY  BETSY  YOCOM  AND  DIANE  POLETTI-METZEL,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

With  its  Celerra  NS600  network-attached  storage  system,  EMC  has  pulled  some  of 
its  high-end  NAS  technology  down  into  a  mid-range  device  aimed  at  enterprise 
users  who  want  to  consolidate  10  to  20  departmental  and  branch-office  storage 
servers  onto  a  single  system. 


Based  on  EMC’s  proprietary  Unix- 
based  Data  Access  in  Real  time  (DART) 
operating  system,  the  NS600  supports  a 
number  of  features  typically  reserved  for 
high-end  NAS  devices,  such  as  extensive 
hardware  redundancy  and  high-avail- 
ability  measures. 

With  its  $162,00  price  tag  for  1  terabyte 
of  capacity,  the  NS600  offers  an  alterna¬ 
tive  to  competitive  products  that  can 
cost  more  than  $250,000. 

The  NS600  is  a  rack-mounted  system 
with  multiple  components.  The  front  end 
of  the  system  is  housed  in  the  Data  Mover 
Enclosure  (DME),  which  has  two  Data 
Movers,  each  supporting  six  auto-negotiat- 
ing  10/100/1000M  bit/sec  interfaces. 

The  Storage  Processor  Enclosure  (SPE) 
supports  2G  bytes  of  storage  RAM  and 
dual-active  storage  processors  (2-GHz 
Pentium  III  Prestonia  CPUs).  The  SPE 
manages  the  NS600s  RAID  5  arrays, which 


Net  Results 

Celerra  NS600 

OVERALL  RATING 

3.8 

Company:  EMC,  (508)  435-1000, 
www.emc.com  Cost:  $162,000  for  one 
terabyte  of  capacity.  Pros:  Extensive 
hardware  redundancy;  very  good 
performance;  logically  designed  Web- 
based  management.  Cons:  Relatively 
high  failover  time  from  primary  to 
secondary  data  mover;  overwhelming 
amount  of  data  in  Celerra  Monitor; 
noticeable  reduction  in  I/Os  per  second 
during  SYN-flood  attack. 


The  breakdown 

Management  and  administration  25% 

4 

Performance  25% 

4 

Features  20% 

3 

Installation  and  ease  of  use  15% 

4 

Configuration  15% 

4 

TOTAL  SCORE 

3.8 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good; 
3:  Average;  2:  Below  average;  1:  Consistently 
subpar 


reside  in  a  separate  enclosure.  Having  the 
Data  Movers  and  SPE  in  separate  enclo¬ 
sures  ensures  that  if  there  is  a  disk  failure, 
the  SPE  can  provide  the  data  needed  to 
rebuild  the  disk  without  affecting  data 
processing  power  within  the  Data  Movers. 
In  our  tests,  this  worked  as  advertised. 

We  tested  a  system  with  30  disks,  but 
the  NS600  can  support  up  to  120.  In 
addition  to  the  RAID  5  disks,  the  NS600 
comes  with  another  hot  spare  replace¬ 
ment  for  any  disk  that  might  fail  within 
the  cabinet. 

N+l  back-up  power  is  stored  in  its  own 
component  (the  DME  and  SPE  each 
have  their  own  dual  power  supplies,  as 
well). A  separate  hot  standby  power  sup¬ 
ply  for  the  storage  processor  allows  data 
in  cache  to  be  written  to  a  special  area 
called  a  vault  so  that  it  is  not  lost  during 
a  system  failure. 

Connections  between  the  major  front- 
end  and  back-end  components  are  via 
2-gigabit  Fibre  Channel  links. 

Fail  Safe  Networks  (FSN)  are  a  key  avail¬ 
ability  feature  on  the  Data  Movers.  They 
allow  10/1 00/ 1 000M  bit/sec  Data  Mover 
ports  to  be  configured  in  redundant 
mode  to  fail  over  to  a  secondary  connec¬ 
tion  if  the  primary  connection  fails.  FSNs 
can  be  configured  a  variety  of  ways  —  in 
sets  of  two  to  eight  ports,  as  Ethernet 
channels  or  in  link  aggregations.  All  con¬ 
nections  in  an  FSN  share  a  single  media 
access  control  and  IP  address. 

To  test  FSN,  we  configured  Data  Mover 
ports  0  and  1  as  the  primary  and  sec¬ 
ondary  network  interfaces  through  a  pull¬ 
down  menu  and  then  pulled  the  cable  on 
port  0.  The  failover  to  secondary  Port  1 
was  instantaneous.  However,  when  Port  1 
failed  back  to  the  primary  Port  0,  we 
observed  a  49-second  delay  which  is 
high.  Data  written  to  the  device  during 
this  delay  would  be  lost.  In  our  experi¬ 
ence,  instantaneous  failover  is  optimal; 
more  than  20  seconds  is  noticeable;  49 
seconds  is  about  the  time  we  consider 
getting  tech  support  on  the  issue. 

This  delay  can  be  avoided  by  config¬ 
uring  the  ports  in  standby  mode.  Once  a 
port  fails  over  to  a  secondary  port.it  will 
not  fall  back  to  the  primary  port  (unless 


there  is  a  failure  in  the 
secondary  port,  now 
acting  as  the  primary). 

The  NS600  Data  Mov¬ 
ers  can  be  configured 
in  two  modes:  prima¬ 
ry/primary  and  pri¬ 
mary/standby.  In  pri¬ 
mary/primary  mode, 
both  Data  Movers  are 
operational,  allowing 
users  to  optimize  per¬ 
formance  by  spreading 
the  load  between  two 
systems.  But  a  sec¬ 
ondary  system  doesn’t 
have  a  backup.  In  the 
event  of  major  failure, 
file  systems  would  have 
to  be  mounted  manu¬ 
ally  on  the  available 
Data  Mover. 

In  primary/standby 
mode,  one  Data  Mover 
acts  as  the  primary  sys¬ 
tem;  a  second  Data 
Mover  would  take  over 
if  the  primary  unit  fails. 

In  our  tests,  failover 
from  the  primary  to  a 
secondary  Data  Mover 
took  90  seconds, 
which  is  high  for  a 
network  device.  No 
sessions  were 

dropped,  but  there 
was  delay  in  writing 
to  the  file. 

When  we  pulled  a  fan  on  the  storage 
processor,  there  was  a  19-second  delay 
until  operation  resumed.  Removing  a  fan 
on  the  Data  Mover  and  pulling  a  disk 
from  its  enclosure  produced  no  delays  in 
operation  in  either  component. 

During  our  fail-over  tests  of  the  storage 
processor  fans,  we  did  not  replace  the 
primary  fan  after  a  failover  to  a  sec¬ 
ondary  fan.  After  2  minutes  the  storage 
processor  shut  down  entirely.  This  was 
odd  to  us  because  the  three  fans  are 
designed  to  be  redundant.  EMC  says  the 
shutdown  was  caused  by  a  safety  mech¬ 
anism  built  into  the  system  to  protect 


against  overheating. 
But  with  two  fans  still 
active,  we’re  not  con¬ 
vinced  this  safety  fea¬ 
ture  should  have 
kicked  in. 


Performance 

Because  of  the  limi¬ 
tation  of  the  lOMeter 
performance-mea¬ 
surement  tool  we 
used  in  our  tests  and 
the  number  of  client 
machines  we  had 
available  for  the  test, 
we  couldn't  tax  the 
NS600  to  anywhere 
near  its  maximum 
capacity  (60,000  TCP 
connections,  accord¬ 
ing  to  EMC),  but  we 
did  kick  its  tires  to 
determine  whether  it 
performed  as  expect¬ 
ed. 

We  ran  two  tests  — 
one  using  an  I/O  block 
size  of  8K  bytes  and 
another  test  with  an 
increased  I/O  block 
size  of  16K  bytes  to 
determine  how  pro¬ 
cessing  larger  block 
sizes  affected  the 
NS600.  (Our  I/O 
blocks  consisted  of 
emulated  file  server  traffic  with  20%  write 
and  80%  read  data.  Eight  HP  ProLiant 
machines  supported  two  clients  each.) 

Results  of  the  8K-byte  test  were  10 
msec  latency  and  10,224  I/Os  per  sec¬ 
ond,  which  equates  to  a  throughput  of 
79.87M  byte/sec.  (To  put  these  results  m 
perspective  in  terms  of  capacity,  in 
recent  tests  we  conducted  of  lower-en-: 
Windows-based  systems,  through;.:: 
were  6.26  1/Os  per  second  and  7.67 
byte/sec.) 

Performance  results  with  l6K-byte  hi  >■ 
sizes  came  out  as  we  expected 
was  slightly  higher  (14  microsecond 
and  the  I/Oper-second  rate  was  si,. 


EMC's  NS600  is  a  cost-effective  alter 
native  to  NAS  devices  that  cost  more 
than  $250,000. 
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How  we 


did  it 


W  e  installed  lOMeter  (an  open  source  workload  generator)  on  eight  HP 
ProLiant  ML350  servers  —  each  with  at  least  two  Pentium  lll/866-MHz 
processors  and  1G  byte  of  memory.  Each  server  emulated  two  clients. 
The  NS600  was  configured  in  primary/primary  mode,  and  16  separate  connec¬ 
tions  were  created  to  serve  as  lOMeter's  storage  targets. 

We  ran  two  tests  using  a  file  server/client  configuration,  using  8K-  and  16K-byte 
requests  (consisting  of  80%  read/20%  write  data)  that  randomly  accessed  the 
test  file. 

In  separate  tests,  we  launched  three  denial-of-service  attacks  against  the  NS600 
while  lOMeter  testing  was  in  progress.  For  failover  testing  of  the  data  movers,  we 
removed  power  from  the  primary  data  mover,  and  recorded  fail-overtimes.  When 
testing  failover  on  interfaces,  we  pulled  the  plug  on  the  primary  interface  and 
recorded  the  fail-over  time. 


lower  (9,017)  because  of  it  was  processing 
the  larger  blocks.  The  throughput  rate  was 
140M  byte/sec,an  increase  we  would  expect 
to  see  with  the  larger  block  size. 

Because  all  network  equipment  is  sub¬ 
ject  to  security  threats,  we  ran  two  attacks 
against  the  product.  When  we  threw  an 
Internet  Control  Messaging  Protocol  flood 
denial-of-service  attack  against  the  Data 
Movers,  the  1/O-per-second  rate  dropped 
3%;  a  Jolt2  attack  against  the  NS600 
caused  a  4%  drop  in  i/Os  per  second.  Both 


are  negligible,  and  in  both  cases  the  sys¬ 
tem  continued  operating.  However,  a  SYN- 
flood  attack  on  Port  445  (the  Microsoft 
port  and,  therefore,  most  vulnerable  to 
attack)  created  42%  reduction  in  I/Os  per 
second,  although,  again,  the  system  con¬ 
tinued  to  operate. 

Management  and  ease  of  use 

The  NS600  came  pre-installed  —  EMC 
sent  it  to  us  racked,  cabled  and  ready  for 
operation  —  the  only  thing  we  had  to  do  to 


get  the  system  up  and  running  was  establish 
a  static  IP  address  on  the  storage  controller 
using  an  installation  wizard. 

The  wizard  sets  up  communication  with 
the  browser,  through  which  we  set  user- 
name,  password  and  other  parameters, such 
as  static  IP  addresses  on  the  Data  Movers’ 
interfaces. 

The  NS600  is  managed  through  Celerra 
Web  Manager.  This  Web  Manager  GUI  is 
based  on  a  logically  designed  tree  struc¬ 
ture;  clicking  on  any  item  in  the  tree  invokes 
screens  from  which  we  configured  the  Data 
Mover  and  storage  systems  control  station. 
The  GUI  was  easily  navigated  and  intuitive, 
and  included  context-sensitive,  online  help. 
A  Unix-oriented  command-line  interface 
also  is  supported. 

An  additional  application  called  the 
Celerra  Monitor  lets  you  drill  down  into 
management  data  in  greater  detail.  This 
works  well,  but  provides  an  overwhelming 
amount  of  information. 

The  Celerra  Monitor  supports  visual 
alarms.The  NS600  also  can  be  connected 
to  a  modem  that  will  dial  out  to  the  EMC 
support  group  and  report  component  fail¬ 
ures  so  a  technician  can  be  dispatched  to 
the  site  to  fix  the  problem. 

Yocom  is  managing  editor  and  Poletti  is 
test  lab  manager  at  Miercom,  a  network 


test  lab  and  consultancy  in  Princeton 
Junction ,  N.J.  They  can  be  reached  at 
byocom@miercomr.com  and  dpoletti@ 
miercom.com. 
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■  Miercom  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of 
practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 

Other  members:  Mandy  Andress, 
ArcSec;  John  Bass,  Centennial  Networking 
Labs,  North  Carolina  State  University; 
Travis  Berkley,  University  of  Kansas; 
Jeffrey  Fritz,  University  of  California,  San 
Francisco;  James  Gaskin,  Gaskin 
Computing  Services;  Greg  Goddard, 
University  of  Florida;  Thomas  Henderson, 
ExtremeLabs;  David  Newman, 

NetworkTest;  Christine  Perey,  Perey 
Research  &  Consulting;  Barry  Nance, 
independent  consultant.  Thomas  Powell, 
PINT.  Joel  Snyder,  Opus  One. 


WholeSecurity 

Confidence  Online  Enterprise  Edition 


■  BY  MANDY  ANDRESS,  NETWORK  WORLD 
GLOBAL  TEST  ALLIANCE 


Web  site  with  further  instructions. 

The  fat  client  is  installed  on  a  client  sys¬ 
tem  and  runs  continuously  in  the  back¬ 
ground.  We  did  not  see  any  performance 
degradation  with  this  client.  When  a  VPN 
tunnel  is  created,  the  client  starts  a  scan 
on  the  system. 

The  ActiveX  control  is  downloaded  to 
unknown  client  systems 
when  they  request  access 
to  a  specific  Web  site, 
ensuring  the  system  does 
not  have  any  back  doors, 
keystroke  loggers,  or  other 
malicious  program  to 
access  logon  passwords 
and  other  sensitive  infor¬ 
mation  that  might  be 
entered. 

We  first  ran  a  number  of 
Trojan  and  back-door  pro¬ 
grams  WholeSecurity  pro¬ 
vided.  Confidence  Online 
successfully  identified 
these  programs  on  the  test 
systems  and  took  the  defined  action  upon 
discovery  By  contrast,  our  client  anti-virus 
program  did  not  successfully  identify  all 
of  these  programs. 


Next,  we  visited  a  few  nefarious  Web  sites 
that  successfully  installed  spyware  back 
doors  on  our  test  system.  Confidence 
Online  successfully  identified  the  rogue 
programs  and  terminated  them  as  config¬ 
ured.  The  anti-virus  program  running  on 
the  system  did  not  identify  these  programs 
as  problematic. 

We  then  infected  our  test  system  with 
the  Ratsou  Trojan,  which,  among  other 
things,  changes  client  security  settings, 
installs  an  Internet  Relay  Chat  server  and 
denial-of-service  client,  and  changes  the 
Windows  registry  so  it  is  run  at  startup. 
Confidence  Online  did  not  identify  any  of 
the  executables  used  by  this  Trojan  as 
problematic,  but  our  anti-virus  product 
alerted  us  to  the  infection. 

We  also  configured  Confidence  Online 
to  kill  any  instance  of  Solitaire  it  found 
running  on  our  test  system,  which  it  suc¬ 
cessfully  completed.  This  feature  allows 
corporate  security  managers  to  enforce 
policies  that  prohibit  programs,  such  as 
file  sharing  or  public  instant-messaging 
programs,  from  running  on  systems. 

Confidence  Online  provides  an  interest¬ 
ing  approach  to  client  security  It  is  scal¬ 
able  and  easy  to  use,  but  our  tests  show 


Confidence  Online 


WholeSecurity 
Austin,  Texas 
www.wholesecurity.com 

Cost:  $39  per  user,  which  includes 
management  server. 

Pros:  Fast  and  easy  to  deploy.  Does  not 
require  constant  signature  updates. 

Cons:  Only  works  with  Windows  oper¬ 
ating  systems.  Did  not  identify  all 
malicious  processes  on  test 
systems. 


that  it  should  be  used  with  a  client  anti¬ 
virus  program  to  provide  multiple  layers  of 
security  for  remote  users. 

Andress  is  president  and  founder  of 
ArcSec  Technologies,  a  security  consultan¬ 
cy  specializing  in  product  testing  and  com¬ 
parison.  She  can  be  reached  at 
mandy@arcsec.com. She  also  is  a  member 
of  the  Network  World  Global  Test  Alliance. 
For  more  Test  Alliance  information,  go  to 
www.  nw  fusion,  com/alliance. 


WholeSecurity  s  Confidence  Online  pro¬ 
vides  a  layer  of  protection  for  known  and 
unknown  Windows  clients  remotely  con¬ 
necting  to  your  network.  The  enterprise 
edition  includes  a  fat  client  for  VPN  con¬ 
nections,  a  small-footprint 
ActiveX  client  that  per¬ 
forms  a  security  check  on 
general  Web  connections 
and  a  Web-based  manage 
ment  console  for  logging 
and  alerting. 

Confidence  Online  is  a 
heuristics-based  product, 
examining  processes  run¬ 
ning  on  the  client  system 
looking  for  suspicious 
activity  —  such  as  the  use 
of  a  keystroke  logger  or  a 
hidden  window  —  with-  Confidence  Online  offers  secur- 
c  ut  relying  on  specific  sig-  ^y  tor  remote  Windows  clients. 

natures.  If  a  suspicious 
process  is  identified,  alerts  are  sent  to  an 
administrator  and  the  offending  process 
can  be  killed  or  just  logged  as  an  event. 

End  users  also  can  be  sent  to  a  specific 
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Cisco  beefs  up  its  stackable  switch  line 
with  StackWise  interconnect  technology 


CISCO  CATALYST  3750 
STACKABLE  SWITCHES 


■  BY  JOHN  BASS,  NETWORK  GLOBAL  TEST  ALLIANCE 

With  the  introduction  of  the  proprietary  StackWise  interconnect  technol¬ 
ogy  that  ties  its  new  line  of  Catalyst  3750  switches  together,  Cisco  has 
filled  the  gap  between  its  small,  stand-alone  Ethernet  switches  and  its 
large,  modular  chassis  and  blade  switches. 


The  Catalyst  3750  stack  is  a  good  fit  for 
enterprise  applications  where  a  large 
chassis  solution  is  not  economically  fea¬ 
sible,  and  smaller  stand-alone  switch 
products  don’t  scale.That's  what  we  con¬ 
cluded  after  we  connected  three  Catalyst 
3750s  in  a  ring  —  you  can  connect  up  to 
nine  boxes  —  and  found  that  the  ring 
provided  up  to  30G  bit/sec  throughput 
while  maintaining  low  latency,  con¬ 
densed  administration  and  management 
features,  and  increased  redundancy 

Cisco  offers  four  switch  configurations 
in  the  Catalyst  3750  line  —  a  24-port 
10/ 100BaseT  switch  with  two  small  form- 
factor  pluggable  (SFP)  uplinks,  a  48-port 
10/ 100BaseT  switch  with  four  SFP  ports, 
a  24-port  10/lOO/lOOOBaseT  switch  and 
24-port  10/lOO/lOOOBaseT  switch  with 
four  SFP  ports. 

We  tested  the  24-port  Fast  Ethernet  box 
tied  to  both  24-port  Gigabit  switches. 

Rack  and  stack 

The  switches  are  interconnected  using 
proprietary  multi-pin  connectors.  Two  of 
these  connections  per  switch  are  needed 
to  form  a  ring.The  switch  hardware  load- 
balances  all  packets  entering  the  switch 


Net  Results 


Cisco  Catalyst  3750 
stackable  switches 

Company:  Cisco,  (800)  553-6387 
Cost:  Range  in  price  from  $6,990  to  $10,990. 
Pros:  Offers  30G  bit/sec,  fault-tolerant 
stack  interconnect  ring; 
has  replicated  manage¬ 
ment  interface. 

Cons:  Stack  ring  can 
handle  only  one  failure 
reliably;  reboot  time 
is  long. 

_ The  breakdown  j 

Performance  40%  4 
Configuration  and  management  30%  5 
Scalability  and  redundancy  20%  4 
Installation/documentation  10%  5 
TOTAL  SCORE  4.4 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently  subpar 


onto  both  directions  of  the  stack  ring. 

Even  if  a  packet  is  destined  for  a  port 
on  the  same  switch  it  entered,  it  will  be 
forwarded  to  the  ring.The  ring  acts  as  the 
backplane  for  all  the  switches  in  a  stack. 
In  a  full-ring  configuration,  Cisco  says  it 
can  support  32G  bit/sec  of  throughput. 

If  a  stack  cable  or  switch  fails,  the  neigh¬ 
boring  switches  will  sense  the  ring  dis¬ 
connect  and  terminate  the  ring  on  both 
sides  of  the  fault.  The  ring  can  support 
16G  bit/sec  in  this  fault  state,  Cisco  says. 

Our  tests  showed  that  ring  throughput  is 
26G  bit/sec  for  the  smallest  allowable 
packet  size  and  30G  bit/sec  for  the  largest 
packet  size. This  difference  in  bandwidth 
is  most  likely  because  of  the  extra  head¬ 
er  information  tacked  onto  each  packet 
entering  the  ring  and  the  bandwidth 
used  by  the  token  to  arbitrate  access  to 
the  ring.  When  we  introduced  a  fault  in 
the  ring  by  unplugging  one  of  the  ring 
cables, the  ring  bandwidth  was  measured 
to  be  about  half  of  the  full  ring  band¬ 
width,  or  15G  bit/sec  with  large  packets 
and  13G  bit/sec  with  small  packets. 

We  also  tested  the  ring  configuration 
for  increased  latency.  The  Catalyst  3750 
stack  racked  up  a  worst-case  latency  of 
50  microsec,  which  is  well  below  the 
threshold  where  latency-sensitive  appli¬ 
cations  would  be  affected. 

When  you  power  up  a  Catalyst  3750 
stack,  a  master  switch  is  selected  for  the 
ring  according  to  six  criteria  document¬ 
ed  by  Cisco.  The  first  criterion  is  a  user- 
defined  master  election  priority. The  abil¬ 
ity  to  prioritize  the  master  election 
process  worked 
as  expected.We 
defined  which 
switch  would 
always  become 
master,  which 
switch  would 
become  master 
if  it  fails  and  so 
on  until  one 

switch  is  left  in  the  stack. 

Stack  and  switch  configuration  and 
ongoing  management  are  handled 
through  two  interfaces:  a  command-line 
interface  (CLI)  or  cluster  management 
services  (CMS). 

The  CLI  looks  and  feels  like  the  stan¬ 


dard  Cisco  interface  with  the  addition  of 
a  few  commands  to  configure  stack  op¬ 
tions.  The  stack  appears  as  a  multiple 
card  chassis  with  the  typical  hub/slot/ 
port  numbering  convention.  The  master 
switch  replicates  the  CLI  to  all  the  switch¬ 
es  in  the  stack  so  that  console  port 
access  shows  the  same  information  from 
any  switch  in  the  stack.The  configuration 
files  are  unified  for  all  switches.  If  the 
master  switch  fails,  the  new  elected  mas¬ 
ter  will  have  the  configuration  for  the 
entire  stack. 

To  make  sure  all  switches  can  imple¬ 
ment  all  features  known  to  the  master 
switch,  the  master  copies  its  software 
image  to  each  switch  in  the  stack  if  nec¬ 
essary  This  removes  the  risk  of  a  switch 
not  having  to  handle  a  particular  feature 
configured  through  the  master  switch. 
Because  this  copying  process  might  in¬ 
fringe  on  software  licensing, the  adminis¬ 
trator  must  make  sure  the  proper  number 
of  software  licenses  has  been  purchased. 

To  unify  the  switch  configuration,  each 
switch  in  the  stack  is  given  an  arbitrary  ID 
number.  This  number  is  used  when  dis¬ 
playing  the  interface  ports.  We  tested  the 
ability  to  renumber  the  switch  IDs.  This 
worked  as  expected  and  made  adminis¬ 
trative  tasks  much  easier. 

The  Java-based  CMS  supports  many 
browsers,  but  it  did  not  work  on  an 
Apple  PowerBook  running  OS  X. 

CMS  has  two  modes  of  operation: 
expert  and  guide.  Expert  mode  basically 
replicates  the  configuration  options 
found  in  the  CLI.  Guide  mode  provides 
configuration  wizards  that  help  config¬ 
ure  the  stack  for  complex  functions  such 
as  quality  of  service  and  multicast  rout¬ 
ing.  The  wizards  were  useful  but  limited 
in  flexibility. 

One  beneficial  stack  management  fea¬ 
ture  is  remote  deployment.  Once  a  stack 
is  up  and  running  on  the  network,  any 
technician  should  be  able  to  connect  a 
new  switch  into  the  stack  and  power  it 
up.  At  that  point,  the  network  administra¬ 
tor  can  configure  the  new  switch  with¬ 
out  any  local  network  configuration  and 
remotely  manage  it. 

While  the  performance,  features  and 
flexibility  offered  by  the  Catalyst  3750 
bundle  stack  up  very  well,  we  pinpointed 
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two  troublesome  spots.  The  master  elec¬ 
tion  and  configuration  unification  pro¬ 
cesses  do  not  handle  multiple  ring  faults 
well.  The  stack  system  was  designed  to 
only  handle  one  fault  at  a  time.  If  two  ring 
faults  occur,  the  stack  becomes  two 
stacks  each  with  a  master  of  its  own.  After 
reconnecting  the  ring  without  a  reboot, 
the  master  election  process  might  not  be 
able  to  resolve  a  new  master.  You  can 
reboot  the  stack  to  remedy  this  issue.This 
shortcoming  doesn’t  negate  the  useful¬ 
ness  of  the  architecture,  but  it’s  some¬ 
thing  to  plan  for  if  you  deploy  these 
switches  in  your  network. 

Because  the  switches  have  to  keep  up 
with  things  like  master  election,  CLI  repli¬ 
cation,  unifying  the  configuration,  and 
other  basic  stack  functions,  the  time  it 
takes  to  reboot  the  switches  is  longer  than 
you  might  be  used  to.  A  switch  with  no 
stack  connections  will  reboot  in  about  2 
minutes.  A  three-switch  stack  takes  about 
2  minutes  and  15  seconds  to  reboot. 

One  very  useful  feature  of  the  stack  is 
cross-channel  etherchannel  configura¬ 
tion. This  feature  lets  you  configure  mul¬ 
tiple  links  to  belong  to  the  same  logical 
link  or  bundle. These  links  do  not  have 
to  belong  to  the  same  switch.  Without 
the  stack  feature,  link  aggregation  is 
restricted  to  ports  on  the  same  switch. 
This  feature  worked  as  advertised. 


Bass  is  a  senior  technical  staff  member 
at  North  Carolina  State  University's 
Centennial  Networking  Labs  in  Raleigh, 
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■  BUSINESS  JUSTIFICATION 


SAN  smarts 

IT  managers  say  hands-on  experience  is  the  most  effective  way  to  learn  about  storage-area  networks. 


■  BY  DENI  CONNOR 

Learning  to  install,  configure  and  manage  a  storage-area  network 
is  a  hodgepodge  affair  that  is  littered  with  hard-won  experience 
and  lessons  learned,  IT  managers  say 


“I  have  not  been  to  a  formal  training 
class,  but  we  have  worked  closely  with  our 
vendors  to  make  sure  our  design  is  realistic 
and  achievable,”  says  David  Bratt,  technol¬ 
ogy  architect  for  H.  Lee  Moffitt  Cancer 
Center  in  Tampa,  Fla.  “I  have  definitely 
picked  up  a  lot  of  knowledge  by  working 
hands-on  with  the  hardware  that  makes  up 
our  SAN.” 

Bratt  has  a  Hitachi  Data  Systems  9570 
storage  array  connected  with  a  Cisco  MDS 
9216  switch  to  Emulex  and  QLogic  host 
bus  adapter  installed  in  Windows,AlX,Sun 
and  Linux  servers. 

Storage  concepts  such  as  SCSI  Logical 
Units  (LUN),  LUN  masking  and  zoning  is 
enough  to  confuse  any  network  adminis¬ 
trator.  Storage  is  often  divided  into  smaller 
pieces  called  LUNs,  which  then  are 
assigned  to  one  or  more  servers  to  give 
them  exclusive  use  of  the  storage. 
Assigning  servers  to  storage  LUNs  is  called 
LUN  masking. Zoning, on  the  other  hand,  is 
the  grouping  of  servers  and  their  assigned 
storage  into  domains  that  can  be  man¬ 
aged  more  easily. 

Tom  Clarke,  director  of  technical  market¬ 
ing  at  Nishan  Systems,  agrees  that  cus¬ 
tomers  need  to  get  their  hands  on  IP  stor¬ 
age  gear  to  really  understand  it.“Although 
some  of  the  concepts  are  similar,  the 
actual  implementation  will  vary 
somewhat  between  vendors,”  he 
says.“There’s  enough  variation 
between  vendors  that  learn¬ 
ing  by  hands-on  configura¬ 
tion  is  the  way  to  do  it." 

Like  Bratt,  many  IT  man¬ 
agers  are  learning  alongside 
the  vendor  that  installed,  recon¬ 
figured  or  expanded  the  com¬ 
pany’s  SAN. 

"I  learned  90%  by  doing,  10% 
from  a  vendor,”  says  Rich  Banta, 
senior  enterprise  systems  engi¬ 
neer  for  St  Vincent  Hospital  in 
Indianapolis  “The  90%  part  led  to  painful 
and  expensive  mistakes  on  occasion.” 

Banta  didn’t  properly  partition  the  fabric 


and  then  compounded  the  mistake  by  not 
masking  LUNs  when  creating  volumes  on 
the  SAN.The  new  LUNs  were  presented  to 
every  server  attached  to  the  fabric,  caus¬ 
ing  many  of  them  to  re-enumerate  their 
volumes  in  Windows  2000  Disk  Manager. 
That  was  an  all-night  clean-up,”  he  says. 

Banta  has  two  SANs  —  an  XIOtech 
Magnitude  array  linked  by  Brocade 
Silkworm  12000  and  2800  switches  to 
servers  containing  QLogic  host  bus 
adapters,  and  a  Compaq  EM  A  16000, 
Emulex  host  bus  adapters  and  Brocade 
2800  and  16EL  Fibre  Channel  switches. 

How  would  these  managers  fine-tune 
SAN  training  if  they  had  to  do  it  again,  and 
what  would  they  do  differently? 

“Three  years  ago,  when  I  got  into  [the 
storage]  business,  there  was  not  a  lot  of 
commercial  training  available,”  says  Ken 
Walters,  senior  director  for  enterprise 
platforms  at  Public  Broadcasting  Service 
in  Alexandria,  Va.  Walters  has  an  IBM  En¬ 
terprise  Storage  Server  and  FAStT  arrays 
connected  with  Brocade  Silkworm 
switches  to  Sun,  HP  and  Windows  servers 
containing  Emulex  or  QLogic  host  bus 
adapters. 

Storage  vendors  always  have  offered  a 
litany  of  information  on  their  Web  sites, 
Walters  says.  “There  are  many  more 
options  available  now,  even  from 
mainstream  training  compa¬ 
nies  such  as  Global  Know¬ 
ledge.  The  Storage  Network 
Industry  Association  Web 
site  is  also  a  great  resource 
for  finding  training,  as  well 
as  tutorials  and  white 
papers,"  he  says. 

Such  resources  will  be  use 
ful  for  boning  up  on  newer 
storage  technologies  such  as 
provisioning  and  virtualiza¬ 
tion.  Bratt  says  formal  training 
is  an  option,  but  the  H.  Lee 
Moffitt  Cancer  Center  probably  will  rely 
on  publications  and  vendor  documenta¬ 
tion  to  educate  its  IT  staff  about  emerging 


technologies. 

“In  addition, we  have  a  good  relationship 
with  our  vendors,  and  they  have  always 
been  willing  to  talk  with  us  about  any¬ 
thing  we  have  on  our  minds,  as  well  as 
new  products/technologies  that  are  about 
to  hit  the  market,”  Bratt  says. 

Another  option  is  to  consult  high-tech¬ 
nology  publications.”!  learned  about  SANs 
by  reading  a  lot  of  books  and  articles  on 
SAN  technology  and  design,”  Bratt  says. 

Walters  will  depend  on  the  same  sources 
he  did  for  installing  his  SAN. ‘Til  look  to 


conferences,  storage  Web  sites,  magazines 
and  [vendor]  white  papers,”  he  says. 

If  these  managers  had  a  chance  to  do  it 
over  again,  they’d  do  some  things  differently 

“Make  sure  that  you  have  a  good  under¬ 
standing  of  what  the  best  practices  are  be¬ 
fore  you  build  and  get  outside  help  and  re¬ 
view  in  designing  your  SAN,”  Walters  says. 
“It  is  very  important  that  you  do  not  design 
and  implement  your  first  SAN  without  ex¬ 
perienced  consulting.  Once  you  have  built 
your  SAN  it’s  hard  to  go  back  and  change 
things." 

Mark  Greene,  senior  systems  engineer 
for  IT  Services  at  Capital  Region  Health 
Care  in  Concord,  N.H.,  offers  a  surplus  of 
advice. 

“Spending  some  money  on  training  up¬ 
front  is  a  worthy  investment  in  the  time 


you’ll  save  during  implementation.  The 
more  hands-on  you  can  get  prior  to  instal¬ 
lation,  the  better  off  you  will  be,"  he  says. 

Among  his  other  tips:  Schedule  as  much 
time  as  possible  between  SAN  installation 
and  data  migration,  and  check  with  soft¬ 
ware  vendors  to  see  if  they  recommend 
certain  configuration  settings. 

While  initial  training  is  important,  Tom 
Gonzales,  senior  network  administrator 
for  a  large  credit  union  in  Denver, says  fol¬ 
low-up  skills  are  also  necessary  in  the 
event  of  a  problem. 


“Most  of  the  knowledge  transfer  from 
the  installing  vendor  was  related  to  provi¬ 
sioning  and  volume  management,"  Go¬ 
nzales  says. “More  focus  on  routine  main¬ 
tenance  and  troubleshooting  would  have 
been  nice.”  Gonzales  has  a  Dell  Pbwer- 
Vault  SAN  connected  by  a  Cisco  Fibre 
Channel  switch. 

And  a  final  word  for  the  SAN-wise.“Have 
patience,”  says  Kent  Smith,  principal  con¬ 
sultant  for  IPSO,  a  systems  integrator  in 
Wayland,  Mass.,  who  has  an  EMC  SAN 
connected  with  InRange  switches. 

“Unless  you  source  everything  from  one 
vendor,  there  will  undoubtedly  be  idiosyn¬ 
crasies  in  how  things  fit  together. The  only 
training  1  have  seen  is  vendor-specific, and 
bridging  the  gaps  between  vendors  is 
where  the  headaches  lie."B 
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Consolidate  control  of  your  server 
room  with  powerful  AMX  switching 
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EASIER  TO  USE 

•  Auto-configuration  simplifies  set-up.  The  system  automatically 
addresses  the  ports,  appliances  and  computers  for  you 

•  Intelligent  AMIQ  interface  modules  remember  your  configuration, 
so  it’s  easy  to  install,  maintain  or  move  your  servers 

•  Graphical  AMWorks  administration  software  and  mouse-driven 
on  screen  menus  are  simple  to  navigate  and  control 
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MORE  ADVANCED  FEATURES 


•  Scalable  architecture  grows  with  your  server  room 
•Supports  multi-rack  PS/2,  Sun  and  USB  server  environments 

•  Full  non-blocked  access  to  servers  and  serial  devices 

•  End-to-end  CAT  5  connections 

•  Save  rack  space  -  1  U  switch  supports  up  to  8  users  and  32 
servers;  2U  switch  supports  up  to  16  users  and  64  servers 

•Multi-level  security  and  password  protection  for  each  user 

•  Multiple  users  can  share  access  to  the  same  server 

•  Share,  private,  scan  mode  available  to  all  users 


Smarter,  Simpler  KVM  Switching 


•  AMIQ  computer  interface  module  retains  the  unique  ID  and  server  name, 
so  reconfiguration  and  expansion  is  as  simple  as  switching  the  cable 

•  Exclusive  AutoTuning™  optimizes  video  performance  over  UTP  cable,  at 
any  distance 


•  Build  customized  user  profiles  and  centralize  control  of  connected  servers 
with  AMWorks  -  Java-based  system  software  included  with  each  switch 
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•  All  system  components  can  be  flash  upgraded  simultaneously  with  just  a 
few  clicks  of  the  mouse 
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Introducing  APC's  Rack-mount  LCD  Monitor 

As  floor  space  in  your  IT  environment  becomes  more  expensive  and  difficult  to  allocate,  you  need 
to  utilize  your  rack  enclosure  space  as  efficiently  as  possible. 

A  traditional  CRT  monitor,  monitor  shelf,  keyboard,  and  keyboard  drawer  take  up  to  13U  of  your 
valuable  rack  space.  An  APC  rack-mount  LCD  monitor/keyboard  drawer  offers  you  the  same 
functionality  while  using  only  1 U  (1 .75")  -  leaving  you  with  up  to  1 2U  of  valuable  space. 


FEATURES  INCLUDE 


A  full  size  keyboard  with  1 04  full 
travel  keys  and  integrated  number 
pad 


On-screen  display  (OSD) 
adjustments 


An  integrated  trackball  to  eliminate  the  need 
for  an  external  mouse 


1024x768  resolution  for 
exceptional  image  quality  for  most 
server  applications 


Active  matrix  TFT  displays  that  emit  less 
heat  and  use  less  than  half  the  power  of 
comparable  CRT  monitors 


Ability  to  connect  to  a  server  or  KVM 
switch  via  a  standard  VGA  connector 
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has  been  tested  and  certified  for 
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architecture.  Before  you  buy, 
check  for  the  X  to  guarantee 
product  compatibility. 


Enter  to  WIN  a  FREE  APC  LCD  Monitor  today.  A  $2239  value! 
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Quickly  Pinpoint,  Pre-solve  & 
Prevent  Network  Problems 
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Observer 
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Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (lO/IOO/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 
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Command  Your  Network 
With  Cyclades 


Selecting  the  right  components  for  your 


ACS 


network  is  often  a  challenging  decision. 

rippf 

With  our  AlterPath  PM8,  you  can  remotely 

l 

re-boot  your  system  with  just  a  few  mouse  clicks.  i 

By  integrating  the  AlterPath  PM8  with  our 
award-winning  AlterPath  ACS,  you  combine 
power  and  console  management.  Now  you  can 
command  all  your  infostructure  with  secure  authentication 
and  bulletproof  encryption  as  demanded  by  todays' 
mission-critical  applications  all  in  one  single  session  -  anytime,  anywhere. 


AlterPath 


AlterPath  PM8 


uoi 

Power 


Integrated  Power 

Console  and  power  control  from  one  session, 

and  Console 

no  need  to  memorize  ports  and  addresses 

Security 

SSH  v2,  strong  authentication,  encryption  and 

IP  filtering  on  both  power  and  console  access 

Daisy  Chain 

1 

Daisy  chain  power  distribution  units  to  control 
any  number  of  devices  from  a  single  serial  port 

jrfeht 


Remote 

Control 


Monitoring 


Tbisy 

Chaining 


©2003  Cydades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  imoges  ore  property  of  their  respective  owners.  Product  information  subject  to  change  without  notice. 
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oot...  with  no  'IT  there. 

Control  power  remotely  with  APC  s  space-saving  0  "U"  MasterSwitch ™ 

Control  power  to  your  valuable  connected  network  devices  using  MasterSwitch 's  remote 
on/off/reboot  capability.  Ideal  for  any  situation  where  rebooting  or  power  cycling  is  required  of 
equipment  or  "locked-up"  servers.  The  MasterSwitch  mounts  vertically,  requiring  zero  U  space, 
leaving  you  with  more  room  for  your  network  equipment.  Trust  your  remote  management  needs 
to  the  leader  in  power  protection:  APC.  To  learn  more  today  visit  us  online  at  www.apc.com 

OPTIMIZED  FOR  MANAGEMENT  AND  CONTROL 


•  Wireless  Application  Protocol 

•  Boot-P  support 

•  Accessible  terminal  block  for  hardwire 
capability 

•  Event  configuration 

•  E-mail  notification 

•  Vertical  mounting,  requiring  zero  'Ll' 
of  space 

•  Remotely  manage  outlets  by  turning 

•  Requires  separate  control 


outlets  on/off  or  rebooting  connected 
equipment 

•  Built-in  Ethernet  interface*  for  direct 
connection  to  the  LAN 

•  MD5  authentication  security 

•  Power-up  sequencing  lets  you  configure 
the  sequence  in  which  power  to  outlets  is 
turned  on  or  turned  off. 


i 


Every  product 
carrying  this  mark 
has  been  tested  and 
certified  for  use  with 
InfraStruXure” 
architecture.  Before 
you  buy,  check  for  the 
X  to  guarantee 
product  compatibility. 


s 


Enter  to  WIN  a  FREE  APC  MasterSwitch™  today. 

Visit  httpy/promo.apc£om  Key  Code  m699y  •  Call  888-289-APCC  x6603  •  Fax  401-788-2797 

©2003  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  1 32  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA 


With  over  15  million 
satisfied  customers,  APC's 
Legendary  Reliability" 
guarantees  peace  of  mind. 


eacnmg  new  neignt# 


in  Remote  Reboot  AC  or  DC  Power  Management 


Don’t  let  server  lock-up  knock  you  off  the  mountain.  Spectrum  Control's 
SMARTstart  power  distribution  units  with  remote  power  management 
:  capability  allow  you  to  monitor,  sequence  and  reboot  your  servers  and 

network  equipment  from  any  remote  location. These  AC  or  DC  rack 
mounted,  off-the-shelf  solutions  feature  several  methods  of  communication 
T  '■  including  advanced  Web  Browser  access  and  greater  power  management 

.  '  than  you  ever  imagined. 

•  Reboot  via  telnet  and  other  convenient  interfaces 

. 

•  Lower  costs  through  reduced  network  downtime  and  field  service  visits 

•  SMARTstart  PDU's  offer  customization  and  are  upgradable 

v  •  Menu-.diiven  user  friendly  interface  and  secure  password  protection 

>  ^ Ty.v 1  — v .  * '  ’ 

•  Global  access  to  monitor,  reboot  and  sequence  outlets 

’  ‘r“. '•;•>»*  •'.•  ’• 

•  Email  alerts  &  SNMPTraps  for  immediate  system  status  notification 


To  learn  more  call  814-474-2207 
or  for  online  i lata  sheds .  go  to  p 
www. specpouer.com/remot  ell 


We're  looking  for  Resellers  (VAR'S) 
and  Distributors  to  join 
our  SMARTcirde 
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western  telematic  incorporated 


SSH  or  Out-Band  Access  to 
Consoles  at  Remote  Locations 


(800)  854-7226  -  www.wti.com 


The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the 
SCM-16  serial  outputs. 


Visit  website  for  complete  NetReach™  product  line. 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  1 1 5/230VAC  or  -48VDC  Models 


GHfl ! 


Experience  Counts.  Since  1 994  GTA 
has  been  building  solid,  dependable 
firewall  systems.  For  the  past  8  years 
our  line  of  firewall  products  have  met 
the  demands  of  small  to  medium 
sized  businesses  worldwide.  To  learn 
more  about  our  family  of  firewalls  visit 
our  website  or  contact  a  GTA  channe1 
partner. 
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umox 


EQUINOX'  “Serial  Ports  Over  IP” 


an  Avocent  Company 


The  ESP-2  Ml  is  a  compact  Multi-Interface,  2-port  serial  hub  that  provides 
versatile  RS-232,  RS-422  and  RS-485  support  for  industrial/manufacturing 
and  a  wide  variety  of  commercial  applications. 

•  NEW  web  management  utility  simplifies  configuration  and  administration 

•  Supports  RS-232,  RS-422  and  RS-485  serial  protocols 

•  Ideal  for  industrial/manufacturing  environments  and  other  commercial  applications 


Web  browser 
management 


©  2003  Equinox  Systems,  an  Avocent  Company.  All  rights  reserved.  All  brand  names  and  product  names  are  trademarks  or  registered  trademarks  of  their  respective  holders. 
One  Equinox  Way,  Sunrise  FL  33351  email:  sales@equinox.com  for  international  customers  email:  intlsales@equinox.com 


Make  your  serial  devices 
IP  ready  with  Equinox  ESP 
Serial  Hubs! 


The  Family  of  Equinox  ESP  10/100  Serial  Hubs  provide  “Serial  Ports  Over  IP” 

Place  serial  COM  ports  at  the  point  of  need  and  eliminate  the  cabling  nightmare.  Our  Multi-Interface  serial  hubs 
allow  soft-selection  of  RS-232,  RS-422  and  RS-485  serial  interfaces  on  a  per  port  basis.  Equinox  Serial  Hubs  offload 
virtually  all  serial  traffic  from  the  host  server  so  your  ports  are  finally  freed  from  the  confines  of  your  server  -  ideal  for 
peripheral  sharing.  Includes  1 5KV  surge  protection  on  every  pin  of  every  port. 

Download  your  free  white  paper:  Optimizing  Manufacturing  Infrastructure  Using  Ethernet  Serial  Hubs  at 
http://www.equinox.com/wpdownload272.cfm 


For  a  FREE  30-day  product  evaluation,  call  1-800-275-3500  ext.  615  or  954-746-9000  ext.  615 


>earch 


dtSearch 


dtSearch 


dtSearch 


dtSearch 


dtSearch 


Instantly  Search 
UtiSCarCII  Gigabytes  of  Text 

♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options 

♦  highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links, 
formatting  andlTiTE!'!:^ 

♦  converts  other  file  types— word  processor,  database,  spreadsheet,  email, 

ZIP,  XML,  Unicode,  etc.— to  HTML  for  display  with  highlighted  hits 

♦  developer  products  have  easy  wizard-based  setup;  optional  API 


“Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 

“Very  powerful ...  a  staggering  number  of  ways  to  search” 

-Windows  Magazine 

“intuitive  and  austere  ...  a  superb  search  tool”  -PC  World 

d  Search  “covers  all  data  sources ...  powerful 
Weh  hased  engines”  -eWEEK 

B  i -i  d  :kH y  fast”  -Computer  Forensics:  Incident  Response  Essentials 
/  xt  mining  engine  ...  effective  because  of  the  level 


rtice  it  displays”  -PC  Al 


In  the  past  year  alone,  over  half  of  the  current  Fortune  10 
have  purchased  developer  or  network  licenses. 


1  -800-IT-FINDS 

sales@dtsearch.com 


5aewww.dtsearch.com  for: 

♦  developer  case  studies 

♦  fully-functional  evaluations 


Industrial-strength .. 
superb"-*:  Magazine 


Text  Retrieval 
Engine 

♦  for  Win  &  .NET 
♦  for  Linux 

♦  call  for  pricing 


o  I/I  VVV*vVV 

—'IS  ;  VlXy 

■hoi  i  \y 

0  n  I  Te 

-  3‘|"lndustrial-strength .. 

I  superb"-*  Magazine 


dustrial-strength.. 
superb**— PC  Magazine 


Publish 


0  ^  Vvvw 

V/ 

-*  31  “Industrial-strength 


♦  from 


superb  -PC  Magazine 


ui  Q. 


0  t/i 


♦  included 
with  Desktop , 
Network  and 
Web 


«  G 


"Industrial-strength .. 
superb"-pc  Magazine 


■♦y 


Desktop 

♦  5799 


3“  "Industrial-strength .. 


superb  -PC 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


Network 

Sfrom  $800 
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I  to  IOOO  remote  servers  aqe  wijhin  your  reach 

Over  IR  Fibeiv'or  Cat  5 

Access  your  server(s)  from  XNYWHERE 
with  the  push  of  a  button!  j|\ 


UltraLink™ 
REMOTE  KVM  ACCESS  OVER  IP 

■  Connect  to  remote  computer  over  Ethernet  or  dial-up 
Single,  dual,  quad  models 

local  KVM  port  to  access  computers  at  UltraLink  unit 
t  Modem  port  with  dial-back  security 
Up  to  1 280x1 024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

■  Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

■  Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

■  SSL  security  and  passwords  prevents  unauthorized 
.access 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+65  6324  2322 


WWW.ROSE.COM 


CrystalView™  Mini 
CAT 5  KVM  EXTENDER 

♦  Extends  KVM  station  up  to  1 50 
feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1280x1024  resolution 


CrystalView™ 

CAT 5  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1000’  from  your  computer 

♦  Supports  PC,  Sun,  or  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600  xl  200  resolution 

♦  Available  as  standalone,  rack 
mounted,  or  high  density  chassis 


^^ELECTRONICS 

Rose  Electronics  ■  10707  Stancliff  Road  •  Houston,  Texas  77099 


CrystalView™  Pro 

DIGITAL  KVM  EXTENDER 

OVER  FIBER  OR  CAT  5 

♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVIA/GA,  PC,  Sun,  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1 200  resolution 


CrystalView™  Rack 
CAT 5  KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC’s  up  to  1000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1600x1200  resolution 


What  If 


Your  Hard  Drive  Crashed 

Right  Now? 


-j 


DupliDisk  provides 
real  time  data  mirroring, 
so  if  your  primary  hard  drive 
crashes,  your  computer  will 
continue  to  run  smoothly  with 
no  data  loss. 

•  Requires  no  device  drivers. 

•  Uses  no  system  resources. 

•  Complete  technical 
support  department. 

•  6  different  form  factors. 

•  Hot  Swap  models  available. 


FREE  GIFT 

Mention  This  Ad  or 
Visit  our  Website. 


,  DupliDisk3 

IDE  RAID  Controllers 


ARC0 

AIM  HtOTiCm*  SrSTtMS 


www.arcoide.com/nwgift  •  (800)458-1666 
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MORE  REASONS  TO  CALL  MOVINCOOL. 
#1  IN  PORTABLE  SPOT  AIR  CONDITIONING 
FOR  OVER  30  YEARS. 


►  Protects  against  excessive  heat 

►  Prevents  costly  system  failures 

►  Increases  productivity  and  manufacturing  quality 

►  Up  to  60,000  Btu/h  of  cool  air 


►  No  costly  installation 

►  Affordable  rent,  lease  or  purchase  options 

►  The  only  ETL-verified  portable  air  conditioner 
for  performance 


f 

I 

I 

t 


I 


Call  800-264-9573  or  visit  www.movincool.com  to  ask  about  our  affordable  leasing  optior>;i 

MCVINCOOL 

THE  #1  PORTABLE  SPOT  COOUNG  SOLUTION 
©2003  DENSO  Sales  California,  Inc.  MovinCool,  Spot  Cool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation 
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10/100  BaseT  Ethernet 

IP  for  HTML.  SNMP  & 
Telnet  Management 


RS-232 

Serial  Management 


Link  Port 

(daisy  chains  to) 

Expansion  Module 


42^ 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 

>  Sentry  Power  Tower. 
Equipment  Cabinet  Solutions. 


Server  Technology,  Inc. 


.  1040  Sandhill  Drive  Reno,  Nevada  89511  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 
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SENSAPHONE® 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


-  .M  IMS-4DOD 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  R|-45  Sensor  Inputs 

( Temperature ,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

void  owntime 

Plan  ahead  and  protect  your  IT  operations 
from  heat  crippling  downtime 


Thousands  of  COOLITs  are 
currently  cooling  data/LAN 
rooms  around  the  clock. 


AirPac 


COOLIT  2000  Series 
Plug  and  cool  -115  V. 


Portable  -  Compact  -  Self-Contained 


Online  ordering 
next  day  shipping 


ADAPT 

fc  243-COOL 


FREE  Cooling  Analysis  Guide  ONLINE! 


www.CoolestSpot.com 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


I  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


MeasureUp 

(678)  356-5000 

www.measureup.com 

Certification  Practice  Tests 

Learn  key,  Inc. 

(800)  865-0165 
I  www.leamkey.com 
Self-paced  online  CD  network 
I  certification  developer  bus/apps 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
|  www.cbtnuggets.com 
Inexpensive  training  videos  on  CD. 

I  MCSE,  MCDBA,  MCSD,  Cisco  CCNA,  Linux,  A+,  Net+ 


IPexpert,  Inc. 

(866)  225-8064 
|  www.ipexpert.net 
CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
CCNP,  CCNA,  and  IP  TELEPHONY 


J 'O  -PHp  You/  iKililJ 

i  i  i  «  i  >  i  >  . 


OptimumDatalnc. 

www.optimumdata.com 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax:  + 1  402  575  20 1 1 


Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 


7  Hubs 
7  Routers 


« - 


Products  .  -  \ 

purchased  as 

a,  result  of 
Marketplace,  ads. 


(7  Software’ 
training 
7  Memory 
products 
7  Ethernet 
Cards 

7  Netware, 


products 
7  Modems 
7  Testing 
equipment 
7  Multiplexers 


Also  Available:  Wellfleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

in  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  ni  Network  Remarketer 

952*835*5502 

Fax  952*835*1927  E-Mail:$ales@comstarlnc.com 


f  m 

Advertise  in  the 
Marketplace  and  watch 
your  sales  come 
pouring  in! 


Call  Direct  Response 
Advertising 
1-800-622-1108 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


tilT* 

Truckload 


CiscoSrjim 

NGRTEL 

NETWORKS 


m 


caBieTRon 

sxsR?ms 


Sale 

m  Bay  Networks^ 


Fax  Equipment  List  To  801-377-0078 


888-8LANWAN  SX 

Call  for  Free  Quote!  (888-852-6926)  www.nle.com 


One -Year  Warranty 


►  Largest  warehouse  of  used  Cisco 

►  Highest  quality  and  lowest  prices 

►  Over  5000  satisfied  customers 

Call  or  email  for  a  fast  quote. 

800.439.8558 


sales@digitalwarehouse.com 


- jht  Delivery 

90-day  Guarantee 
40%-90%  Off  List  Price 
Free  Tech -Support 


f  SERVER  ROOM 

Temperature 

Sensors 

p-ttmvnmm-  * 129 99 


Multiple  Models  Including: 

_  THL-100 

(Battery  powered) 

THL-100  AC/DC 

(Continuous  monitoring) 

THL-100  AC/DC  Pius 

(Email  alarms) 

►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 
•  Data  or  graphical  view 

•Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


NEW 


WKBOfflETl 


A  /_■**> 


USED 


5Q%-90%  Discounts 

Cisco  Livingston  Ascend  Lucent 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Racketeer  Computone  Patton 
Extreme  Networks 

Modems  /  DSU  /  Maxes 

IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

BUY  AND  SELL 

800-699-9722 

www.wrca.net 
AS5x  VOiP  /  EXS  7-77: 


careers 


it  careers.com 


Advertising  Supplement 

IT  Careers:  BDPA  Focuses  on  Career  Growth,  Entrepreneurs 


When  more  than  2,500  individuals  meet  for  the 
annual  Black  Data  Processing  Association 
Conference  in  Philadelphia  Aug.  13-17,  they'll  get  a  rich 
blend  of  three  critical  career  components  —  technical 
expertise,  mentoring  and  coaching  of  individuals,  and  skills 
to  lead  start-up  and  established  businesses. 

The  conference  reflects  BDPA's  overall  mission  to  open 
the  doors  of  technology  for  African-Americans,  from 
offering  programs  to  expose  families  to  technology  to 
offering  the  latest  in  IT  skills  courses.  The  more  than  40 
chapters  found  throughout  the  United  States  offer 
programs  ranging  from  the  Homework  911  e-Learning 
hotline  to  Black  Family  Technology  Awareness  Week. 

According  to  Milt  Haynes,  BDPA  president  and  a 
feature  release  development  manager  at  Lucent 
Technologies,  that's  why  the  conference  agenda  is  far- 
reaching.  Sessions  range  from  the  latest  in  wireless 
technologies  and  the  role  of  IT  in  major  current  events  to 
performance  comparisons  of  .NET,  XML  and  Oracle.  "Our 
conference  theme  is  Classroom  to  Boardroom,  focusing  on 
the  fact  that  education  is  a  life-long  effort,"  Haynes  says. 
"We  have  to  start  at  the  elementary  school  level  to  attract, 
mentor,  coach  and  educate  individuals  for  IT  careers." 

In  addition  to  the  highly  technical  sessions,  the 
conference  is  offering  workshops  on  a  culture-specific 
approach  to  e-learning,  the  challenges  for  African 
American  women  in  the  IT  workforce  and  how  faith-based 
programs  can  assist  in  bridging  the  IT  divide.  Executive 
Pathways  includes  sessions  designed  to  help  IT 


professionals  navigate  their  careers.  As  part  of  the 
conference,  BDPA  will  also  hold  its  annual  career  fair,  this 
year  featuring  30  major  employers.  Conference  attendees 
will  be  able  to  take  advantage  of  on-site  career  coaching 
on  everything  from  resume  writing  to  interviewing  skills. 


Haynes  is  watching  over  the  conference  as  the 
outgoing  president  of  BDPA.  His  goals  have  been  simple  - 
to  build  an  infrastructure,  to  capture  data  on  existing  IT 
expertise  among  African  Americans  to  pair  up  with  hiring 
demand,  to  assist  chapters  in  bringing  the  Classroom  to 
Boardroom  program  to  their  communities  and  in  growing 
the  BDPA's  entrepreneurial  program. 

"The  biggest  obstacle  IT  professionals  face  is  in 
keeping  current  with  the  job  market,”  Haynes,  who  also 
served  on  the  Blue  Ribbon  Diversity  Panel  for  ITAA,  says. 
"We  need  to  stay  one  step  ahead  of  the  learning."  While 
outsourcing  is  a  constant  concern  for  IT  professionals, 
Haynes  believes  the  best  and  most  challenging  work  is 
remaining  in-house  where  IT  professionals  can  work  the 
customer-face  aspect  much  better  than  any  outsource 
provider.  "Companies  who  are  looking  to  the  future  want 
to  keep  development  inside  to  maintain  a  strong 
workforce,"  he  says. 


For  more  information  about  IT  Careers  advertising, 
please  contact: 

Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


OUR  PEOPLE  MAKE  THE 

Difference  wm.*makt 


Stores,  Inc. 


We’re  Looking  for  the  Future  Leaders  of  Tomorrow 


Wal-Mart  Stores.  Inc.  has  been  recognized  by 
Fortune  Magazine  as  one  of  the  most  admired  compa¬ 
nies  in  the  world.  As  our  company  continues  to 
expand,  so  does  the  opportunity  for  first-class,  talent¬ 
ed  people  to  guide  the  future  of  one  of  the  most  suc¬ 
cessful  and 

innovative  growth  companies  in  the  world. 

Put  your  career  on  a  fast  climb  and  help  us  continue  to 
set  the  industry  standard  in  information  technology. 

•  UNIX  -  C,  C++,  Administration,  Engineering, 
Informix  DBAs 

•  NT  Workstation  -  VB.VC++,  Java,  ASP,  XML 

•  IBM  Mainframe  -  COBOL,  CICS,  DB2  and 
IMS  DBAs 

•  Networking  -  Ethernet,  VSAT.  Frame 
Relay,  ATM 

•  Telecommunications 


Ready  to  do  it  all?  Candidates  interested  in  joining 
our  team  should  forward  a  resume  to: 

Wal-Mart  Information  Systems  Division 

Attn:  Recruiting  Department 

805  Moberly  Lane  M41 

Bentonville,  AR  72716-0560 

Fax:  (479)  277-4227 

E-mail:  ISDADS@wal-mart.com 

For  more  information,  call  toll-free: 
1-888-JOBS-ISD  or  visit  our 
Web  site  at: 

www.walmartstores.com 
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Software  Engineer  III:  Work  with 
engineers  and  chemists  to  ana¬ 
lyze  business  needs,  design, 
implement,  test,  modify  and 
release  client/server  web  appli¬ 
cations  to  synthesize  and  opti¬ 
mize  small  molecules  that  have 
the  potential  to  enter  clinical 
development  and  become  medi¬ 
cines.  Provide  technical  support 
for  chemists.  Design  and  devel¬ 
op  repository  gateway  for  part¬ 
ners.  Skills  include:  Java/J2EE, 
Python,  Oracle,  SQL,  XML. 
HTML,  Perl.  Shell.  JavaScript, 
C/C++,  Windows,  Linux,  UNIX, 
SGI,  chemical  informatics  toolk¬ 
its  and  other  development 
tools/platforms.  Requirements 
include  a  Master's  degree  or 
equivalent  in  Computer  Science, 
an  Engineering  discipline  or 
closely  related  field.  No  work 
experience  required.  Applicants 
must  have  unrestricted  autho¬ 
rization  to  work  in  the  United 
States.  Salary  $66,000/year. 
40  hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200202756,  Labor  Exchange 
Office,  19  Staniford  St,,  1st  FI., 
Boston,  MA  02114. 


BellSouth,  a  leader  in  providing 
local  and  cellular  telephone, 
paging  and  mobile  data  services 
has  multiple  openings  for  the 
position  of  Systems  Admin¬ 
istrator  in  its  Atlanta,  Georgia 
office:  Position  requires  relevant 
bachelor's  degree  or  foreign 
degree  equivalent  and  relevant 
experience 

For  consideration,  please  for¬ 
ward  your  resume  to:  Ms  Lisa 
Burlingame,  BellSouth.  2247 
Northlake  Parkway,  Suite  800, 
Tucker,  Georgia  30084  Please 
do  not  email  or  fax  resumes 
EOE 


ASSOCIATE  IS  ANALYST 
Resp.  for  the  dvlpmnt  &  deploy¬ 
ment  of  SAP  sys.  for  the  co. 
Specific  duties  include:  (i)  gath¬ 
ering,  dsgng,  configuring,  script¬ 
ing,  integrating  &  testing  comp, 
scripts,  interfaces  &  programs 
for  a  multi-landscape  environ¬ 
ment;  (ii)  documenting  related 
interfaces;  (iii)  assisting  Staff 
Consultants/SAP  Sys.  Analysts 
in  evaluating  user  reqmnts  for 
new  or  modified  programs;  (iv) 
utilizing  all  components  of  SAP 
dvlpmnt  environment  to  combine 
pre-dvlpd  software  objects 
w/customized  programming  &  to 
generate  applns  that  are  highly 
integrated  w/the  SAP  R/3  sys.;  & 
(v)  providing  tech,  support  to 
users  of  SAP  programs.  MS  in 
Comp.  Sci.,  Mgmt  Info.  Sys.  or 
Bus.  Must  have  working  knowl¬ 
edge  of  UNIX,  Pert.  Cold  Fusion 
sys.  dvlpmnt  life  cycle  as  well  as 
comp,  hardware  &  operating 
sys.  High  mobility  preferred.  40 
hrs/wk,  OT  as  reqd,  8  am  -  5  pm. 
$64,240/yr  Qualified  applicants 
please  submit  resume  to: 
Manager.  Beaver  County  Team 
PA  Career  Link.  2103  Ninth 
Avenue.  Beaver  Falls.  PA 
15010-3957  Please  refer  to 
Job  Order  No.  WEB  346310. 


Computer  Support  Spec.: 
Marietta,  GA.  Provide  tech¬ 
nical  support;  maintain 
commercial  credit  card 
information  system;  coordi¬ 
nate  conversion  to  new 
hardware  and  software. 
Req'd:  BS  (or  foreign 
equiv.)  in  Elec.  Engin., 
Comp.  Science  or  rel.  field 
&  2  yrs  exp.  in  job  offered  or 
as  Programmer/Analyst. 
Resumes  to:  Fast  Trip 
Corp.,  640  Whitlock  Av , 
Marietta,  GA  30064. 
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Luckily,  We  Are  Too! 


itcareers.com  is  now  powered 
by  CareerJournal.com! 

Search  for  jobs  and  post 
your  resume  here  on 


www.itcareers.com 


Principal  Software  Cons¬ 
ultant/Developer  to  provide 
strategic  &  tactical  definition 
and  direction  to  Co's  Fund 
Analysis  &  Research  Group. 
Will  support  recurring  &  ad 
hoc  requests  for  data  and 
analysis;  will  manage  devel¬ 
opment  stage  of  project  lifecy¬ 
cles  to  include  creating  writ¬ 
ten  system  requirements, 
applications  development, 
coordinating  QA  testing  & 
implementing  resulting  sys¬ 
tems  solutions  in  a  highly 
matrixed  work  environment. 
Will  enhance  unit's  Sybase 
database  tables  &  Perl  load¬ 
ers  to  support  loading  &  dis¬ 
seminating  data  using 
Morgan  Stanley  Capital 
International/Standard&Poor 
(MSCI/SP)  sector  schemes, 
perform  analysis,  design  & 
implement  the  data  model  for 
Marketing  Event  Planner;  cre¬ 
ate  &  modify  Sybase  stored 
procedures;  migrate  Sybase 
SP  and  Perl  loaders  into  new 
Sybase  environment;  and 
also  redesign  and  improve 
data  warehouse  ETL 
(Extraction  &  Transformation 
Layer)  process  written  in 
PERL  and  run  over  UNIX 
Solaris  Platform.  Requires 
Bach  or  equivalent  in 
Computer  Science,  Engin¬ 
eering,  Math,  or  Physics  and 
5  years  in  job  offered  OR  5 
yrs  exper  in  client/server 
development,  OR  Master's  or 
equiv  in  C.Sc.,  Eng,  Math,  or 
Physics  and  3  years  in  job 
offered  OR  3  yrs  in  client/ 
server  development.  Candi¬ 
date  must  also  possess 
demonstrated  expertise  in 
Sybase  and  Oracle  database 
design  &  administration; 
demonstrated  expertise 
developing  application  in  Perl, 
Unix  shell  script,  SQL  and 
C++;  and  demonstrated 
expertise  in  data  modeling 
and  data  warehousing  mod¬ 
eling,  Salary  $77,000/yr,  M-F, 
9AM-5PM.  Send  2  resumes  to 
Case  #  200202126,  Labor 
Exchange  Office,  19  Staniford 
St„  1st  fl.,  Boston,  MA  02114. 
EOE.  Applicants  must  be 
U.S.  workers  eligible  to 
accept  full-time  employment 
in  U.S. 


PROGRAMMER/ANALYST 
sought  by  NJ  based 
Securities  Dealer.  Must  pos¬ 
sess  Bachelor's  or  equivalent 
in  Electronics  Engineering  or 
directly  related  field  and  2 
years  exp.  in  software  devel¬ 
opment/design  and  analysis, 
implementation  and  testing 
using  J2EE,  ASP,  PL/SQL, 
RDBMS,  Oracle,  UNIX, 
Windows.  Respond  to: 
Human  Resources  Depar¬ 
tment  #GLM-806RJ:  Knight 
Trading  Group,  Inc.,  525 
Washington  Blvd.,  Jersey 
City,  NJ  07310. 


Programmer:  Develop/write 

computer  programs  &  maintain 
company  Artificial  Intelligence 
systems  using  SICStus  PRO¬ 
LOG,  C++,  Java,  JavaScript. 
Win2000,  Unix,  etc.  Also  assist 
in  the  development  &  mainte¬ 
nance  of  company's  proprietary 
middle  tier  software  program. 
Req.  BS  in  Com.  Sc.  or  closely 
related  field  +  2  yr  exp.  in  job 
offer  or  Software  Engineering. 
Resume  to  Personnel  Mgr, 
WebTone  Technologies.  3535 
Piedmont  Rd.  Ste  800,  Atlanta, 
GA  30305 


JCPenney  :s  an  Internationa  retaile' 
with  an  expanding  web  presence 
in  addition  to  our  t-aditional 
catalog  and  stores. 

Information  Technology  Opportunities 

From  our  sophisticated  on-line 
order  entry,  point-of-sale,  and 
merchandise  replenishment  systems, 
to  one  of  the  largest  private 
telecommunications  networks 
anywhere,  it's  a  world  of  change 
when  it  comes  to  technology 

Information  Technology  will  play 
an  oven  more  pivotal  role  in  the 
JCPenney  of  the  future. 

Ded.cated  applications  spec  alists 
are  a  key  element  in  our  plans 
for  cortin  jed  success  and 
market  leadership. 

One  of  our  strategies  is 
ensuring  that  JCPenney  stays 

A  Great  Place  to  Work'! 


it’s  all  inside. 
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JAVA  DVLPR. 

Anlyze.  &  dvlp.  existing  or  pro¬ 
posed  sftwre.  applications.  Dvlp. 
Java-based,  srvr.  side  compo¬ 
nents  to  meet  client  specified 
user  reqs.  Dvlp.,  implement,  & 
improve  prgms.,  applications,  & 
related  procedures  to  proces 
data  using  in-depth  knwldge.  of 
sftwre.  dvlpmnt.  life  cycle. 
Encode,  test,  debug  &  install 
operating  prgms,  &  other  appli¬ 
cation  sftwre.  utilizing  knwldge. 
of  Java  prgmng.  tools. 
Bachelor's  (or  equiv.).  in  Comp. 
Sci.,  Math,  Engrg.,  Bus.  or 
Commerce  plus  2  years  experi¬ 
ence  in  offered  position  or  as 
Sftwre.  Engr.,  Prgmmr.  Analyst, 
or  Systms.  Analyst  required. 
Exprnce.  must  include  knowl¬ 
edge  of  Java,  EJB  and  Swing 
prgmmng.  languages;  Oracle  or 
DB2  dtbses.;  Websphere, 
Weblogic,  or  Apache  applica¬ 
tions;  and  operating  systms.  (at 
least  one  from  List  A  and  one 
from  List  B):  List  A  includes  Sun 
Unix.  HP  UNIX  &  AIX.  List  B 
includes  Windows  NT  or 
Windows  2000.  40  hrs/wk,  8  am 
-  5  pm.  $64,240/yr.  Qualified 
applicants  report/submit  resume 
to  Mon  Valley  Regional 
CareerLink,  ATTN:  Actg.  CL 
Program  Supervisor,  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora,  PA  15033.  Refer 
to  Job  Order  Number 
WEB346288. 


Medical  Database 
Systems  Manager 

Manages,  administers,  main¬ 
tains,  and  configures  a  Unix/ 
Linux/Windows/Mac  LAN  based 
client/server  system  including 
use  of  NIS  and  NFS  to  perform 
disk  and  file  sharing  with  Samba 
system.  Integrates  multiple 
online/offline  medical  and  genet¬ 
ic  research  databases  and 
insures  that  such  databases  are 
capable  of  biology  driven  data 
mining.  Requires  a  Bachelor's 
degree  in  Computer  Science 
and  one  year  direct  experience. 
Send  resume,  no  calls,  to: 

Medical  College  of  Wisconsin 
Attn;  Employment  Office- 
JMC0811 

8701  Watertown  Plank  Rd. 

Milwaukee.  Wl  53226 
Fax:  414-456-6502 


Consultant,  Financial  Business 
Systems  to  analyze  complex 
IBM  MVS  mainframe  based 
revolving  credit  card  portfolio 
Vision  21  and  Vision  Plus  soft¬ 
ware  business  systems  and 
subsystems  to  direct  team  mem¬ 
bers  in  the  design,  development, 
implementation,  and  modifica¬ 
tion  of  software  business  sys¬ 
tems  to  insure  that  systems 
enhancements  such  as  late  pay¬ 
ment  fee,  skip  payment,  credit 
line  underwriting,  overlimit  fees, 
and  authorization  match-off  are 
properly  integrated  into  the 
appropriate  Vision  based  CMS 
posting  system.  Establishes 
parameters  for  daily  batch 
cycles,  supervises  team  mem¬ 
bers  in  coding  for  Vision  Plus 
integration  with  VSAM  data¬ 
base,  and  performs  systems 
functionality  analysis,  unit  test¬ 
ing  and  technical  design  of  sys¬ 
tem  including  customization  of 
system  to  meet  various  end 
users  business  analysis  require¬ 
ments.  Requires  Bachelor's 
Degree  in  Computer  Science, 
Math,  or  any  Engineering  Field 
and  three  years  direct  experi¬ 
ence.  Work  Location:  636  Grand 
Regency  Blvd,  Brandon,  Florida 
Send  resumes  only,  no  calls,  to: 
Kathi  Nogle,  Household.  2700 
Sanders  Rd.,  Prospect  Heights, 
IL  60070. 


BellSouth,  a  leader  in  providing 
local  and  cellular  telephone, 
paging  and  mobile  data  services 
has  multiple  openings  for  the  fol¬ 
lowing  positions  in  its  Atlanta. 
Georgia  office: 

Senior  Software  Developer 
Software  Engineer 
Channel  Analyst 

All  positions  require  a  relevant 
bachelor's  or  master's  degree  or 
foreign  degree  equivalent  and 
relevant  experience  including 
experience  with  Homebase  soft¬ 
ware. 

For  consideration,  please  for¬ 
ward  your  resume  to:  Ms.  Lisa 
Burlingame,  BellSouth,  2247 
Northlake  Parkway,  Suite  800 
Tucker,  Georgia  30084.  Please 
do  not  email  or  fax  resumes. 
EOE 
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Share  our  vision 

and  you'll  see  what's  possible. 

MasterCard.  Focused  on  Diversity. 

At  MasterCard  International,  we  believe  the  surest  way  to 
attract  and  retain  the  best  talent  is 
by  embracing  a  broad  spectrum  of 
ideas  and  opinions.  It's  this 
commitment  to  a  diverse  culture 
that  has  helped  make  us  a  leader 
in  the  global  payments  industry. 

To  learn  more  about  opportunities 
at  MasterCard,  visit  us  at  www.mastercardintl.com 


MasterCard 

International 


An  oqnal  opportunity  employe. 


Programmer/System  Analysts, 
S/W  Engineers  wanted  by 
Innovative  Consulting.  Cand¬ 
idates  must  have  degree  Skills 
in  Oracle,  Java,  SAP,  SQL.  VB, 
WebLogic/WebSphere  &  Unix 
will  have  preference.  Travel 
required  for  some  positions. 
Please  send  resumes  to: 
info@icscorpusa.com. 

Medical  Data  Processing  is  look¬ 
ing  for  system  analyst,  database 
administrator.  Duties  include 
design  &  implement  web  based 
medical  billing  software  &  sys¬ 
tems  Qualified  candidates  must 
have  minimum  BS  with  experi¬ 
ence  using  Java,  Java  Swing. 
Apply  at  leonard@mdp.com. 
EOE 


Prog/Analysts  to  analyze, 
design  and  develop  s/w  appls 
using  Java.  CORBA,  XML, 
XSLT,  HTML,  Jscript,  JDBC, 
etc.  under  Windows/UNIX  OS; 
perform  Enterprise  Application 
Integration  using  Vitria 
BusinessWare;  perform  onsite/ 
offsite  maintenance,  documen¬ 
tation,  debugging,  testing,  and 
code  optimization.  Require  BS 
or  foreign  equiv.  in  CS/Engg. 
(any  branch)  &  2  yrs  of  exp.  in 
IT.  F/T,  High  salary,  travel 
involved.  Resume  to  HR, 
Ordusion  Technologies,  Inc., 
3883  Rogers  Bridge  Road, 
Suite  504,  Duluth,  GA  30097 


Technical  Leads  needed. 
Seeking  candidates  possess¬ 
ing  BS  or  equiv.  and  rel.  work 
exp.  Part  of  the  req.  rel.  work 
exp.  must  include  2  years 
working  with  Unix  and  Oracle. 
Duties  include:  Plan  and  coor¬ 
dinate  IT  projects;  Supervise 
and  direct  team.  Work  with 
Unix,  RDBMS,  Oracle,  .NET 
Technologies  and  PL/SQL. 
Mail  res.,  ref.  and  salary  req. 
to:  Computer  Consulting 
Corporation,  10  W.  Park 
Street,  Metals  Bank  Building, 
Suite  612,  Butte.  MT  59701. 


Get  Ahead  In  Your  Career! 


BDPA,  The  Premier  Organization  For  African  Americans 
In  Information  Technology,  Invites  You  To  Attend  The... 


BDPA  National  Conference 


CAREER  EXPO 

August  15  -16,  2003  •  Philadelphia  Marriott 

Friday,  August  15:  10:00am  -  6:00pm  •  Saturday,  August  16:  10:00am  -  4:00pm 
FREE  ADMISSION  TO  THE  CAREER  EXPO! 

Employers  Include:  Abbott  Laboratories  •  Accenture  •  Advanced  Reasoning  Systems  •  Anthem  Blue 
Cross  Blue  Shield  •  AstraZeneca  •  Cardinal  Health  •  Computer  Associates  •  Compuware  Corporation  • 
Dell  Computer  •  Deloitte  Consulting  •  FleetBoston  Financial  •  GlaxoSmithKline  •  Greenwich  Technology 
Partners  •  Hewitt  Associates  •  Household  International  •  Iowa  Fluman  Resource  Recruitment 
Consortium  •  Mayo  Clinic  •  McDonalds  Corporation  •  Merck  &  Company  •  Performigence 
Corporation  •  Sears  Roebuck  &  Co.  •  Siebel  Systems  •  Siemens  Business  Services  •  Thomson 
West  •  Toyota  Motors  •  Unisys  •  The  Vanguard  Group  •  Verizon  Wireless  •  Wachovia 

For  the  latest  information,  please  visit  us  at  www.shomex.com/bdpa. 

Employers  -  To  exhibit  at  the  Career  Expo,  please  call  Gloriann  Clark  at  310-309-4409. 


To  register  or  get  more  information  on  attending  the 
conference,  which  features  over  30  workshops,  please  call 

800-727-BDPA  or  visit  us  at  uuwvu.bdpa.org/conference.cfm 


Sr.  SW  Engr.-  Develop,  inte¬ 
grate,  maintain  &  test  complex 
communication  protocols  includ¬ 
ing,  but  not  limited  to:  Sigtran, 
SS7/CCS7  &  ISDN.  Participate 
in  design  &  code  reviews  of  new 
SW  &  modifica'ns  to  exist'g  SW. 
Develop,  maintain  &  test  tele¬ 
com  applications  &  system  SW 
responsible  for  configuring  & 
controlling  the  system,  internal 
communication  between  SW 
entities,  fault  tolerant  &  redun¬ 
dant  operation  of  SW.  Analyze 
&  document  computerized  tele¬ 
com  system  SW  reqs.,  function¬ 
al  specs.,  architectural  specs.  & 
design  specs.  Must  have  M  S.  in 
Comp.  Eng'g,  Comp.  Sci.,  E.E. 
or  equiv.,  +  2  yrs.  exp.  in  job 
offered  or  2  yrs.  exp  w/telecom 
SW  development.  (Exp.  may  be 
gained  before  or  after  M.S.).  In 
the  alternative,  employer  will 
accept  Bachelor's  degree  +  5 
yrs.  of  progressively  responsible 
post-grad  SW  development 
exp.,  including  2  yrs.  telecom 
SW  developmt.  exp.  Must  have 
proficiency  in  C  programming, 
as  well  as  knowledge  of  telecom 
protocols.  40  hrs/wk;  Salary: 
$92,833/yr.  Send  2  copies  of 
resume  to:  Case  #200201646, 
2002  Labor  Exchange  Office,  19 
Staniford  St  1st  FI,  Boston  MA 
02114. 


City  cf 
retchikan 


V 


Ketchikan  Public  Utilities 
Telephone  Division  is  a  rural, 
wireline  telephone 
company  (LEC) 
servicing  over  8,000 
customers  with 
2,000  lines. 


KPU  is  currently  looking  for  a  person  with  knowledge  of  voice,  data, 
and  optical  communication  internetworking.  Knowledge  of  AFC 
DSLAM  &  Telliant  products  would  be  a  plus.  Intimate  knowledge  of 
Switched  Ethernet,  IP  Television,  Routing  Protocols,  TCP/IP,  and 
MPLS,  is  highly  desirable.  Exposure  to  DMS100  and  wireless  tech¬ 
nology  would  be  helpful.  Candidate  should  be  proficient  in  use  of 
advanced  diagnostic  tools  including  NMS  management  tools.  Must  be 
able  to  work  well  in  a  team  environment  and  provide  leadership  to  work 
tasks.  Minimum  of  4-years  work  experience  in  IP  IT  is  required,  formal 
education  preferred.  This  is  a  full  time  position  contingent  on  six  (6) 
month  probation,  $33. 17/hr.  plus  benefits. 

This  position  is  open  until  filled.  Complete  job  description  and 
application  available  on  the  City's  Website  at 
www.city.ketchikan.ak.us  or  the  City  of  Ketchikan  334  Front 
Street,  Ketchikan,  AK  99901,  E-mail  carolh@city.ketchlkan.ak.us 
or  Phone  (907)  228-5631.  EOE/AA. 


www.city.ketchikan.ak.us 


Software  Eng'r 

Q-Lytics  Consulting  Inc  seeks 
Software  Dev't  Eng'r  in 
Wescosville,  PA.  Assist  to  devel¬ 
op  applications  incl.  Oracle  + 
Web  applies  (standalone  +  n- 
tier)  Analyze  software  req's; 
work  w /  eng  team;  dev  testing, 
programming  +  docs;  upgrades 
♦  maint;  also  db  design  ♦  mod¬ 
eling  Use  technologies  Incl. 
UML  IBM  WebSphere.  Web- 
Logic,  Java,  J2EE  XML,  ERP, 
Oracle,  DB2,  CRM,  Jbuilder, 
Visual  Age  foi  Java.  Toad. 
DBArtisan  +  Vantive  Must 
have  Masters  in  Computer  Sci.  + 
6  mos  relevant  exp  Resume  to 
Q-Lytics.  HR,  1011  Brookside 
Road  Ste  140,  Wescosville  PA, 
18106. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville,  TN  Senior  Programmer 
Analyst  Formulate/define  function¬ 
al  requirements  and  documentation 
based  on  accepted  user  criteria 
Requirements:  Bachelor’s  degree" 
or  equivalent  in  computer  science. 
MIS.  math,  engineering  or  related 
field  plus  5  years  of  expenence  in 
systems/applications  development. 
Experience  with  J2EE  development 
using  UML  modeling;  UNIX  Scnpt- 
ing;  and  SQL  Scnpting  also  re¬ 
quired  "Master's  degree  in  appro¬ 
priate  field  will  offset  2  years  of 
general  experience  Submit  res¬ 
umes  to  Sibi  George.  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd  .  Suite  1400.  Orlando. 
FL  32810.  EOE  M/F/D/V 


Prog  Analysis  to  analyze,  design, 
code  and  maintain  web/client 
server  applications  using  Java, 
C.  C++.  CORBA,  J2EE,  HTML. 
Servlets,  XML,  Weblogic  Server, 
IIS,  Oracle.  MS  Access  etc  under 
Windows.  Sun  Solaris  OS;  per¬ 
form  automation  of  functional/ 
regression  testing  with  Win- 
Runner,  eTester  and  Astra  Quick 
Test;  provide  on  site  mainte¬ 
nance  support  such  as  debug¬ 
ging,  modifications,  fine  tuning  & 
code  optimization.  Require:  BS 
or  foreign  equivalent  in  CS / 
Engg(any  branch)  with  2  yrs  exp 
in  IT  High  salary.  F/T,  Travel 
involved.  Resume  to:  HR, 
Semafor  Technologies.  Inc,  3300 
Holcomb  Bridge  Road.  Suite 
212,  Nor  cross.  GA  30092 


Programmer/Analyst,  Must 
have  Bachelor's  in  Computer 
Science  or  its  functional 
equiv.,  and  2yrs  exp.  Oversee 
company  technology  system; 
analyze  user  needs,  system 
capabilities.  Install,  upgrade 
software.  Develop  programs 
to  improve  production  or 
workflow  as  req'd.  40  hrs/wk. 
9AM-5PM  Competitive 
salary.  Send  resume  to:  USA 
Grocers  Management,  7284 
W.  Palmetto  Park  Rd.,  Ste 
101  South,  Boca  Raton,  FL, 
33433. 


Computer  Programmer,  de¬ 
velop  &  write  business  apps 
computer  progs,  using  Java. 
JSP,  JDBC  &  SQL  for  docu¬ 
menting,  data  entry,  retrieval 
&  testing  prog  websites.  Req: 
B  S.  in  Computer  Science, 
Computer  Engineer  or  Elec¬ 
trical  Engineer.  40  hrs/wk 
Job/interview  site:  San  Bern¬ 
ardino,  CA.  Send  resume  to: 
Econo  Lube  N  Tune.  1685  W 
Kendall  Dr,  San  Bernardino, 
CA  92407 


Network  Engineer:  (2)  Job 
location:  Matthews,  NC. 
Design,  develop  &  imple¬ 
ment  software  solutions. 
Analyze  requirements  for 
reservations  sys.,  account¬ 
ing,  credit  cards,  payroll  & 
personnel.  Test  procedures 
&  perform  network  adm. 
Req.:  Bachelor's  deg  (or 
equiv.)  in  Comp  Info.  Sys. 
(or  other  IT  field  or  related) 
Resume  to:  NDASR 

Investments,  1600  S.  Hwy. 
81/287,  Decatur,  TX  76234. 
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TechNation  Software  Consulting, 
Inc,  a  software  consulting  company 
with  its  main  place  of  business  at 
Sioux  Falls,  SD  has  multiple  posi¬ 
tions  for  Software  Professionals. 

Sr.  Software  Engineers:  BS  in  CS, 
or  equivalent  with  more  than  5  years 
of  recent  programming  experience 
or  MS  in  CS  with  more  than  3  years 
of  such  experience.  Duties  entail 
programming,  gathering  user  re¬ 
quirements  and  customization  of 
software  in  either  of  a)  Database 
Systems  which  involves  database 
design,  data  modeling  working  in 
both  front  end  as  well  as  backend 
applications  on  Unix  and  Windows 
platforms.  Or  in  b)  systems  side  pro¬ 
gramming  in  Unix,  C,  C++  which  in¬ 
volves  product  development,  work¬ 
ing  on  telecom  protcols  or  develop¬ 
ment  of  device  drivers. 

Both  positions  require  knowledge  of 
allied  Internet  technologies  like 
Java.  JSP,  XML,  J2EE  and  ASP. 
Unix  Systems  administrators:  BS 
in  Computer  Sciences  or  equivalent 
with  atleast  five  years  of  experience 
in  an  enterprise  environment,  (i.e. 
more  than  500  users)  Duties  include 
extensive  use  of  Network  Imple¬ 
mentation  and  Administration,  Sys¬ 
tem  Integration,  Backup  and  recov¬ 
eries,  shell  scripting  and  System 
Securities.  Experience  in  Manage¬ 
ment  of  Enterprise  Network  Storage 
devices  (SAN  or  NAS),  HP  and 
Solaris  Servers,  switches,  HUBs 
and  in  Veritas  NetBackup  systems. 

TechNation  provides  onsite  consult¬ 
ing  services  to  clients  across  the 
United  States  and  hence  a  key 
requirement  for  all  positions  is  that 
candidates  must  be  willing  to  relo¬ 
cate  across  the  country  for  periods 
between  3-6  months  or  as  needed. 

Send  resumes  to  Rona  Troff,  300  N. 
Dakota  Ave.  Suite  #505-B,  Sioux 
Falls,  SD  57104  or  email  to 
rtroff@tnscinc.com.  Fax:  530-733- 
2775. 


IT  Consultant:  Roundarch,  Inc. 
seeks  an  individual  for  its  Chicago 
office  to  develop  &  deploy  complex 
web  content  management  systems 
(CMS)  &  portal  systems  for  consult¬ 
ing  clients  using  web-based  devel¬ 
opment  techniques  &  JAVA,  HTML, 
DHTML  &  XML  languages.  Suc¬ 
cessful  candidates  will  have  a  rele¬ 
vant  Bachelor's  degree  in  CS,  EE 
or  related  and  at  least  4  yrs.  exp.  in 
software  development  consulting, 
at  least  3  yrs  of  which  is  in  web- 
based  development  of  content 
management  systems  using  HTML 
&  XML.  Resume  to:  Roundarch 
Inc.,  do  Deloitte  Consulting,  attn 
Cathe  Slocum,  2  Tower  Center 
Blvd,  East  Brunswick,  NJ  08816  or 
fax  732-296-6454. 


Computer  Support  Specialist  - 
Assist  &  maintain  networked 
comp.  system  manag'g 
d/base,  dvlpg  customized 
reports  thru  integrated  info 
system.  Dvlp  bilingual 
(Eng/Span)  website  &  tech, 
SQL,  applies  &  VB  doc.  Write 
interfaces  &  modify  system  to 
S.  Amer  format  to  meet  needs 
of  Latin  Amer  mkt.  Train 
users.  35  hrs.  2  yrs  coll  Syst 
Engg  or  Info  Syst  (or  for 
equiv)  +  2  yrs  exp.  Fax 
resume  &  salary  reqmts  to  Mr. 
Perez,  (305)  275-4559. 


The 

right  skills 
fuel 

the  new 
economy. 


Senior  Software  Engineer: 
Design,  develop,  &  implement 
off-the-shelf  software  solutions 
providing  web-based  billing  & 
presentment,  &  account  man¬ 
agement  using  Java  in  a  UNIX, 
Solaris,  &  NT  shrink-wrapped 
development  environment. 
Analyze  &  design  software  appli¬ 
cations  in  n-tiered,  web-based 
environment  using  OOA/OOD 
principles  &  UML  modeling 
tools.  Debug  &  solve  complex 
problems  in  distributed  environ¬ 
ments  using  VisiBroker,  C++, 
Netscape,  Oracle,  VisualCafe, 
VJ++,  &  Integrated  Develop¬ 
ment  Environment  tools  from 
Microsoft.  Design,  implement,  & 
test  relational  database  com¬ 
prised  of  stored  procedures  & 
triggers  to  maintain  data  integri¬ 
ty  with  Oracle  &  MS-SQL. 
Implement  GUI  tools,  elements 
in  user  interface  &  business 
logic  using  Java/XML,  Visual 
Bdsic,  C/C++  programming  & 
Internet  communications/securi¬ 
ty  skills.  Design,  develop,  & 
implement  n-tier  architecture 
solutions  for  internet  based 
applications  on  Windows  plat¬ 
form  using  IIS,  ASP,  SQL,  & 
native  Windows  technologies. 
Bachelors  degree  (or  foreign 
equiv.)  in  Comp.  Sci /  Comp. 
Eng'g/Elect.  Eng'g  or  closely 
related  field.  &  5  yrs  of  progres¬ 
sively  responsible  experience  in 
job  offered  or  as  Software 
Developer/Eng'g.  In  lieu,  will 
accept  Master's  degree  (or  for¬ 
eign  equiv.)  in  Comp.  Sci  / 
Comp.  Eng'g/Elect.  Eng'g,  or 
closely  related  field,  plus  3  yrs  of 
experience.  Requires  demon¬ 
strated  expertise  in  completion 
of  2  full  development  cycles  in 
Windows  environ.,  including 
analyzing  &  designing  software 
applications  using  OOA/OOD 
principles  &  UML  modeling 
tools,  &  demonstrated  expertise 
in  analyzing  various  legacy  print 
stream  data  file  formats,  includ¬ 
ing  Advanced  Function 
Presentation,  MetaCode,  DJDE, 
&  PDF,  as  well  as  architecting 
solutions  for  extracting  &  manip¬ 
ulating  data.  40+  hrs/wk;  8a-5p 
(M-F);  $90,500.00/yr.  Submit 
resume  in  duplicate  to:  Case 
#200202545,  Labor  Exchange 
Office,  19  Staniford  St,  1st  fl, 
Boston,  MA  02114.  EOE 


SOFTWARE,  Sr. 
Systems  Analyst. 
Complete  Business 
Services  in  SF,  C++, 
Java,  ASP,  Silktest  (or 
equiv).  Test/develop 
software  systems  and 
products.  MSCS/IS.  1 
yr.  exp.  Salary 
$80,890.  Fax  resume 
(415)  584-5226. 


Programmer  Analyst 
needed  w/exp  in  using 
Sybase,  MS  SQL 
Server,  Erwin,  CAST, 
Rational  Rose,  VB,  MS 
Access,  JAD,  RAD,  Sun 
Solaris  &  Windows 
2000.  Send  resumes  to: 
Triple  Point  Tech.,  Inc., 
301  Riverside  Ave  , 
Westport,  CT  06880.  No 
in  Person  Resumes. 


Senior  Software  Developer  to 
participate  as  high  level  techni¬ 
cal  expert  in  the  design,  devel¬ 
opment,  coding,  testing,  and 
debugging  of  financial  distrib¬ 
uted  applications  including, 
Centralized  Transaction  Module 
for  trade  processing.  High 
Volume  Client  Transactional 
Web  Applications.  and 
Depository  Trust  &  Clearing 
Corp.  and  Federal  Reserve  and 
Legacy  applications.  Utilize 
Rational  Suite  of  products  for 
design  and  Web-based  solu¬ 
tions  for  development. 
Specifically,  design  and  develop 
enterprise-wide  applications  ser¬ 
vices  using  Java  J2EE  applica¬ 
tion  server,  IBM  MQ  middleware 
solutions,  and  Oracle  database 
systems.  Develop  applications 
for  real-time  systems  using 
Java,  HTML,  Javascript,  Shell 
Scripts,  XML,  XSLT,  and 
PL/SQL.  Work  on  UNIX, 
Windows  NT,  and  SUN  OS  oper¬ 
ating  systems,  and  use  Java, 
C++,  and  C  languages.  Also 
assist  junior  Software 
Developers  to  implement  techni¬ 
cal  designs  and  support  devel¬ 
opment  processing  including 
database  design.  Requirements: 
Master  Degree  in  Computer 
Science,  Engineering  or  a  close¬ 
ly-related  field  and  three  (3) 
years  experience  in  job  offered 
or  three  (3)  years  experience  as 
Software/Systems  Engineer  OR 
Bachelor  Degree  and  five  (5) 
years  progressive  experience. 
Candidate  must  also  possess 
demonstrated  expertise  design¬ 
ing  and  developing  enterprise¬ 
wide  applications  services  using 
Java  J2EE  application  server, 
middleware  solutions,  and 
Oracle  database  systems: 
demonstrated  expertise  design¬ 
ing  and  developing  applications 
using  Rational  Unified  Process 
and  WebGain  Studio  tools; 
demonstrated  expertise  devel¬ 
oping  IBM  MQ  based  applica¬ 
tions  involving  exchange  of  data 
between  Legacy  and  UNIX  sys¬ 
tems;  and,  demonstrated  exper¬ 
tise  developing  applications  for 
real-time  systems  using  Java 
Servlets,  Shell  Scripts,  XML, 
XSLT,  HTML,  and  PL/SQL.  40+ 
hours/week,  9:00AM  to  5:00PM, 
$86, 300/year.  Submit  two  (2) 
copies  of  resume  to  Case 
#200202570,  Labor  Exchange 
Office,  19  Staniford  Street,  1st 
floor,  Boston,  MA  02114.  Must 
have  proof  of  legal  authority  to 
work  permanently  in  the  U.S. 


Programmer,  Engg  &  Sc.,  8a-5p, 
40  hrs/wk.  Formulate  tech'l 
specs  for  mechanical  &  industri¬ 
al  processes/procedures  auto¬ 
mation  &  applies;  prep  detailed 
workflow  chart  for  input,  output 
&  logical  operations;  test  systm; 
prep  tech'l  documentation;  prgm 
websites  using  client-server 
technology,  e-commerce  appli¬ 
cation  dvlpmt,  Java,  EJB,  JSP  & 
XML.  Bach  or  equiv  deg  w/major 
in  Info  Systms,  Comp  Sci  or 
Engg,  Electronics.  Electrical, 
Mechanical,  Industrial  or  related 
Sci/Engg.  1  yr  exp  in  job  or  as 
comp  profl  w/above  skills. 
Resume  to:  GTS,  Inc.  3761 
Venture  Dr  ,  Bldg.  100,  Suite 
#240,  Duluth.  GA  30096. 


Telephony  Solutions  Developer: 
BS  +  2  yrs  exp  to  incl  Dialogic 
GLobalCall,  ATL,  Visual  C++, 
Visual  Studio.NET,  SQL  Server, 
COM/DCOM,  Brooktrout 

RealCT  SDK  &  call  processing 
on  digital  &  analog  circuits  req. 
Systems  Analyst:  BS  +  2  yrs  exp 
to  incl  Visual  Studio,  SQL 
Server,  Visual  C++,  ATL.  Exp 
reqd  in  documenting  scope  & 
dsgn,  dvlpmt  &  deployment  of 
NET  solutions  req.  Both  pos  req 
MCSD  &  demonstrated  busi¬ 
ness  communication  skills  as 
well  as  verifiable  refs  for  above 
reqmts.  Apply  to  jobs2003@a-t- 
g.com,  Des  Moines,  IA 
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SI  Sales  Offices 


Carol  Lasker,  Associate  Publisher/Vice  President 
Jnne  Weissman,  Sales  Operations  Coordinator 
Internet:  clasker,  jweissman@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Hew  Vork/New  Jersey 

Tom  Oavis,  Associate  Publisher.  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Mid-Atlantic 

Jacqui  DiBianca.  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Intemot:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 


Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 

Karen  Wilde,  Regional  Sales  Manager 

Miles  Dennison,  Regional  Sales  Manager 

Maricar  Lagura,  Office  Manager/Sales  Assistant 

Teri  Lowe,  Sales  Assistant 

Internet:  skupiec,  kwilde,  mdenmson,  mlagura, 

tlowe@nww.com 

(510)  768-2800/FAX:  (510)  768-2801 


Southwest/Rockies 

Becky  Bogart  Randell,  Senior  District  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 


Southeast 

Don  Seay,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dseay,  chorgan@nww.com 
(404)  845-2886/FAX:  (404)  250-1646 


Customer  Access  Group 

Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 

Manager,  Customer  Access  Group 

Shaun  Budka,  Director,  Customer  Access  Group 

Kate  Zinn,  Sales  Manager,  Eastern  Region 

Caitlin  Horgan,  Sales  Assistant 

Internet:  tdavis,  sbudka,  kzinn,  chorgan@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 

Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director,  Online  Services 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Douglas,  Online  Operations  Manager 
Internet:  adoucette.  jkalbach,  sgutierrez,  dlovell, 
kdouglas@nww.com 
(610)  341-6025/FAX:  (610)  971-0557 


MARKETPLACE 

Response  Card  Decks/ Marketplace 

Richard  Black.  Director  of  Marketplace 
Karima  Zannotti,  Senior  Account  Manager 
Enku  Gubaie,  Senior  Account  Manager 
Amie  Gaston,  Account  Manager 
Chris  Gibney,  Sales  Operations  Coordinator 
Internet:  rblack,  kzannott,  egubaie,  agaston, 
cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 


■  Network  World.  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstnamejastname@nww.com 

EvileeThibeault,  CEO/Publisher 

John  Gallant  President/Editorial  Director 

Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Human  Resources  Representative 

MARKETING 

TerryAnn  Croci,  Senior  Director  of  Marketing 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Senior  Marketing  Designer 
Cindy  Panzera,  Graphic  Specialist 

GLOBAL  PRODUCT  SUPPORT  CENTER 

Nancy  Sarlan-Parquette,  Sr.  Product  Marketing  Manager 
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BaCkSpm  Mark  Gibbs 

Rotten  to  the  core 


“We  are  in  the  process  of  rebuilding 
our  ethics  program  and  understand 
that  there  is  still  more  work  to  do.” 

—  Michael  Capellas,  Chairman  and 
CEO,  MCI  (Associated  Press) 

I  was  going  to  follow  up  last  week’s 
column  on  solving  the  spam  equa¬ 
tion  with  a  discussion  of  anti-spam  technologies  but 
we’ll  get  to  that  next  week.This  week  I  want  to  talk 
about  the  MCI  affair. 

As  if  cheating  in  its  accounting  wasn’t  enough  ($1 1 
billion  for  Pete’s  sake!),  the  Justice  Department  is 
now  investigating  accusations  that  MCI  defrauded 
other  telephone  companies  of  hundreds  of  millions 
of  dollars  by  routing  long-distance  calls  as  local 
calls  as  well  as  diverting  other  calls  via  Canada  to 
avoid  paying  U.S.  local  carrier  access  fees. 

And  as  if  that  wasn’t  serious  enough,  now  the  gov¬ 
ernment’s  General  Services  Administration  (GSA) 
has  suspended  all  new  business  with  MCI  after  its 
own  investigation  concluded  that  MCHacks  neces¬ 
sary  internal  controls  and  ethics.” 

Because  the  GSA  is  the  part  of  the  government 
responsible  for  negotiating  and  acquiring  pretty 
much  anything  that  federal  agencies  require,  this  is  a 
serious  turn  of  events.The  feds  spend  more  than  $1 
billion  with  MCI  annually  and  while  existing  con¬ 


tracts  will  be  continued,  there  will  be  no  new  busi¬ 
ness  until  MCI  can  demonstrate  that  it  has  changed. 

Which  raises  an  interesting  question:  Can  MCI  be 
salvaged?  I  use  the  term  “salvage”  because  there’s  so 
much  rot  in  the  body  of  the  company  that  words 
like  “redeem”  or  “cure”  are  not  applicable. 

The  problem  is  that  corporate  personalities,  just 
like  the  personalities  of  individual  humans,  are  hard 
to  change.  For  example,  have  you  ever  tried  to  lose 
weight?  Then  you  know  how  hard  it  is  to  break  your 
habits. You  can  have  the  best  of  intentions  and  then 
someone  says  “Hey  want  an  ice  cream?”  and  before 
you  know  it  you’re  sitting  on  the  sofa  with  a  giant 
tub  of  Ben  &  Jerry’s  Oatmeal  Cookie  Chunk. 

Corporations  are  the  same.They  get  used  to  provid¬ 
ing  bad  service  (a  peculiar  talent  of  telecom  compa¬ 
nies),  taking  shortcuts,  padding  bills  and  that  be¬ 
comes  standard  procedure. 

Worse  still,  the  bigger  the  company  the  harder  it  is 
to  stop  the  creep  of  moral  rot.  It  just  gets  deeper  and 
deeper  into  the  organization  and  harder  to  expose. 

So  what  to  do  with  MCI?  I’d  suggest  that  we  break 
them  up, sell  them  off,  anything  but  allow  them  to  be 
another  rotten  apple  in  the  big-business  barrel. 

Let  me  be  clear:  I  am  not  anti-big  business  per  se, 
but  when  a  company  of  such  incredible  size  and 
power  is  rotten  to  the  core  it  is  essentially  dangerous 
to  our  culture.  Not  only  does  it  destabilize  financial 


markets  but  it  destabilizes  the  businesses  it  serves. 

And  for  the  IT  groups,  there’s  an  important  ques¬ 
tion  to  take  away  —  how  rotten  is  your  company 
and  are  you  part  of  the  problem?  These  days  IT  is 
almost  always  involved  or  aware  of  every  aspect  of 
business  that  matters. 

Presuming  the  latest  MCI  allegations  are  true,  you 
would  think  some  non-management  technical  guys 
were  aware  that  something  wasn’t  kosher.  And  if 
that’s  the  case,  and  they  didn’t  blow  the  whistle,  then 
they  sold  their  souls. 

You  could  argue  that  people  in  this  kind  of  situa¬ 
tion  fear  losing  their  jobs,  but  that  isn’t  a  good 
enough  argument.  Being  involved  in  a  crime  isn’t 
just  a  risk  to  your  livelihood.  It’s  also  a  risk  to  your 
career, your  credibility  and  your  personal  integrity. 

And  there’s  always  the  risk  of  being  found  an  ac¬ 
complice  with  all  the  legal  consequences  that  might 
entail. 

Which  leads  to  another  takeaway:  How  carefully 
do  you  vet  those  you  do  business  with?  Are  your 
partners  and  suppliers  on  the  up  and  up  or  will  you 
be  dragged  into  their  dishonesty  and  immorality? 

And  the  bigger  the  business,  the  more  that  rotten¬ 
ness  can  be  hidden.  In  business,  never  underesti¬ 
mate  how  quickly  rottenness  will  reach  to  the  core. 

Tell  me  you're  clean  at  backspin@gibbs.com. 
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Buzz 


News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

You  wondered  about  this,  too 

After  seven  years  of  writing  about 
spam,  one  unanswered  question  has 

continued  to  nag  at  me  above  all  others:  Do  spam  recipients  actually  cough  up 
their  credit  card  numbers  to  purchase  those  pills  that  promise  to  —  how  shall  I 
phrase  this?  —  increase  a  fellow's  bandwidth  in  the  bedroom? 

My  presumption  has  been  that,  sure,  people  are  stupid  and  somebody  must . . . 
but  the  sales  figures  have  to  be  smaller  than  the  purchasers'  collective  self- 
esteem.The  resultant  revenue  certainly  cannot  justify  the  volumes  of  this  particu¬ 
lar  type  of  spam,  which  taken  at  face  value  would  appear  to  place  the  penis- 
enlargement  industry  somewhere  between  the  auto  manufacturers  and  the  air¬ 
lines  in  terms  of  size. 

No,  my  working  theory  has  been  that  the  money  to  be  made  from  penis- 
enlargement  spam  derives  not  from  actual  sales  of  penis-enlargement  prod¬ 
ucts,  but  from  getting  other  aspiring  spammers  to  pay  for  help  in  sending  their 
own  penis-enlargement  spam;  a  phallic  derivative  of  the  classic  pyramid 
scheme,  if  you  will. 

So  who’s  guarding  that  list  of  things  Buzz  has  been  wrong  about?  We’ve  got 
yet  another  entry  to  make. 

It  turns  out  that  spam  does  sell  men  hope  that  "herbal  supplements"  can  give 
them  what  genetics  did  not.This  is  true  at  least  according  to  a  fascinating 
glimpse  into  the  books  of  one  spammer  published  last  week  in  Wired  and  writ¬ 
ten  by  Brian  McWilliams  (www.nwfusion.com,  DocFinder:  7141). 

"An  order  log  left  exposed  at  one  of  Amazing  Internet  Products' Web  sites 
revealed  that  over  a  four-week  period  some  6,000  people  responded  to  e-mail 
ads  and  placed  orders  for  the  company’s  Pinacle  herbal  supplement,” 
McWilliams  writes.  "Most  customers  ordered  two  bottles  of  the  pills  at  a  price 
of  $50  per  bottle.  Do  the  math  and  you  begin  to  understand  why  spammers  are 


willing  to  put  up  with  the  wrath  of  spam  recipients,  Internet  service  providers 
and  federal  regulators.” 

Do  the  math  and  you  also  begin  to  understand  why  law  enforcement  will 
never  be  any  more  effective  in  curbing  spam  than  it  has  been  in  eradicating 
pot:There’s  far  too  much  money  to  be  made,  an  inexhaustible  supply  of  individ¬ 
uals  willing  to  give  the  business  a  go  .  .  .  and  customers  galore. 

According  to  the  story,  Pinacle  purchasers  included  at  least  two  company 
presidents,  a  mutual  fund  manager,  a  restaurateur,  a  veterinarian  and  a  chiro¬ 
practor  (who  is  not  exactly  the  poster  child  for  back-crackers  being  real  doc¬ 
tors).  And  lest  you  begin  to  believe  that  only  men  could  be  this  gullible,  be 
aware  that  “numerous  women”  were  reported  to  be  among  the  customers. 

It  gets  worse.The  Web  site  these  folks  entrusted  with  their  MasterCard,  Visa 
or  American  Express  failed  to  supply  so  much  as  a  telephone  number,  physical 
address  or  e-mail  box  . .  .  which  might  pose  a  problem  if  you've  got  a  question 
about  whether  you  should  mix  your  Pinacle  with  your  Viagra. 

You  say  you  want  to  know  about  the  site's  security  and  encryption  provisions? 

Please.  You  already  know  the  answer  to  that  one.  The  company  has  calculated 
that  its  customers  don't  have  time  for  such  worries  when  they're  preoccupied 
with  bigger  things. 

One  customer  told  the  story's  author  that  he  judged  the  Web  site  to  be  worth 
a  shot  because  it  included  one  of  those  "As  Seen  onTV”  logos. 

I  was  going  to  compare  this  with  dropping  your  credit  card  on  a  crowded  city 
street,  but  at  least  in  that  instance  there's  a  chance  it  might  be  picked  up  by  a 
good  Samaritan. 

The  good  news  is  that  the  story  reported  no  instances  of  fraud  or  identity 
theft  against  these  foolhardy  souls. 

The  bad  news?  Whatever  sex  these  reckless  individuals  are  having  is  proba¬ 
bly  not  of  the  safe  variety. 

Got  a  one-liner  of  your  own?  Don ’t  be  shy.  The  address  is  buzz@nwu>.  corn. 
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amount  s:  ,-pe  '  on  v  eo  mode  *GB  =  1.000.000.000  bytes  when  referring  to  storage  capacity  Accessible  capacity  is  less;  up  to  3GB  is  used  in  service  partition.  These  model  numbers  achieved  (Testing  Labs.  Inc.'s  BatteryMark”  4  01  or  the  Ziff  Davis  Media,  Inc.'s 

Business  w  ■  s'.  -  y.V  BatteryMarit  Version  10  Battery  Rundown  Time  ot  at  least  the  time  shown.  This  test  was  performed  without  independent  verification  by  the  VenTest  testing  division  of  Lionbridge  Technologies.  Inc.  (“VeriTesT)  or  Ziff  Davis  Media,  Inc.:  neither  Zitl  Davis 
Media  Inc  no  V.  lest  n  ,.,nes  any  representations  or  warranties  as  to  these  test  results  Winstone  is  a  registered  trademark  and  BatteryMark  is  a  trademark  ot  Ziff  Davis  Publishing  Holdings,  Inc.,  in  the  U.S.  and  other  countries.  A  descripbon  of  the  environment  under  which  the 
test  was  pe  ’  r  ■  -q  .'.anabie  at  'Dm  conpc/wwthinkpad/batterylite  Battery  life  (and  recharge  times)  will  vary  based  on  many  (actors  including  screen  brightness,  applications,  features,  power  management,  battery  conditioning  and  other  customer  preferences  'Includes  battery 
and  opt  c  ;  j  '  stead  ot  standard  optical  drive  in  Uttrabay  bay.  it  applicable:  weight  may  vary  due  to  vendor  components,  manutactunng  process  and  options.  Thinness  may  vary  at  certain  points  on  the  system  “Some  software  may  differ  from  its  retail  version  |rf  available) 

and  may  rot  i-ciade  user  manuals  or  all  program  functionality  Software  license  agreements  may  apply  Telephone  support  may  be  subject  to  additional  charges.  If  a  machine  is  listed  as  having  "Onsite  service  tor  select  repairs"  or  "Limited  onsite  service.*  this  means  that  onsite 
servce  .s  a  aiiaoie  v  .  '  'lie  replacement  of  select  parts  For  all  other  warranty  repairs,  IBM  will  provide  the  customer  a  replacement  part  for  customer  installation  The  parts  for  which  onsite  service  is  available  varies  by  machine,  but  may  include  the  processor,  power  supply, 


f>yr. • : 1  .  -  ■ 


mg;  W' 


-•  -<U. 


-v-r  - 


J|ii&W“ 


Take  off  to  parts  unknown  with  an  IBM  ThinkPad®  wireless  notebook. 
The  world’s  easiest  way  to  switch  between  wired  and  wireless. 


Wherever  you  want  to  work,  the  sky  is  the  limit  when  you  have  IBM  ThinkPad 
notebooks  with  Access  Connections  software  and  wireless  Intel®  Centrino™  mobile 
technology  (on  select  models).  Now  it’s  easier  than  ever  to  switch  between  wired  and 
wireless  networks  -  whether  you’re  at  an  airport,  the  office,  an  Internet  cafe,  even 
your  kitchen.1  So  consider  the  IBM  ThinkPad  wireless  notebook,  and  experience  a 
whole  new  level  of  wireless  possibilities,  think  ffOGdOfTI 


1  866  426-3783  I  ibm.com/shop/m191 

Save  on  shipping.  Order  online.11 
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NEW!  IBM  ThinkPad  T40 

Distinctive  IBM  innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0 

System  Features: 

•  Intel  Centrino™  mobile  technology 

-  Intel’'  Pentium  M  processor  t.3GHz  supports 
Enhanced  Intel  SpeedStep  technology’1 

-  Intel’  PRO/Wireless  Network 
Connection  802.1 1  b’ 

•  1 4.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM  std/2GB  max4 

•  30GB  hard  drive"’ 

•  Ultrabay™  Slim  DVD-ROM 

•  6.1 -hr  battery  life”  •  5.6-lb  travel  weight 

•  Microsoft”  Windows  XP  Professional'' 

•  1-yr  system/battery  limited  warranty1-’. 


*1,599* 


NavCode  2378D2U-M191 


ServicePac-  Service  Upgrade:"1 
3-yr  Onsite  Repair/9x5/Next  Business 
Day  Response 
(#30L9195)  *243 


NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0' 

System  Features: 

•  Intel”  Centrino™  mobile  technology 

-  Intel”  Pentium"  M  processor  1.3GHz  supports 
Enhanced  Intel  SpeedStep  technology 

-  Intel 1  PRO/Wireless  Network 
Connection  802.11b3 

•  14. 1"  XGA  TFT  Display  (1024x768) 

•256MB  DDR  SDRAM  std/IGB  max  - 

•  20GB  hard  drive 

•  Ultrabay  Plus  CD-RW/DVD-ROM  combo  drive 

•  6.1-hr  battery  life  •  5.6-lb  travel  weight 

•  Microsoft  Windows  :  XP  Professional 

•  1-yr  system/battery  limited  warranty1  ,  ' 


*1 ,399* 


NavCode  289723U-M1 91 


ServicePac  Service  Upgrade:'? 

2-yr  Onsite  Repair/9x5/Next  Business 
Day  Response 
(#30L9189)  *197 


m 

% 

m 

m 

Qs 

am-  - 

m?.  '  ./. 


heat  sink,  system  board  or  base  cover.  To  determine  the  complete  list  of  parts  tor  which  onsite  service  is  available  for  a  particular  machine,  contact  IBM.  IBM  will  attempt  to  diagnose  and  resolve  any  problems  remotely  before  sending  a  replacement  part  or  technician.  JThes;  ter  v,. 
are  available  for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Not  all  machine  types  and  models  are  covered.  Service  period  begins  with  the  equipment  date  of  purchase.  Service  must  be  purchased  c  ,-i .. 
the  original  limited  product  warranty  period.  Service  levels  are  response-time  objectives  and  are  not  guarantees.  A  service  technician  is  scheduled  to  arrive  at  your  location  within  two  or  four  business  hours  or  the  next  business  day  (depending  on  service)  after  rento's  proniar- 
determination  is  completed.  For  the  9x5x4-hour  service,  calls  dispatched  after  1:00  p.m.  local  time,  you  can  expect  the  service  technician  to  arrive  by  the  morning  of  the  next  business  day.  For  noncritical  service  requests,  a  service  technician  will  arrive  by  the  end  of  the  folio- -  , 
business  day.  If  the  machine  problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  External  peripherals,  such  as  rack1,  tape  drives  and  channe,  u  the 
require  their  own.  separate  service  coverage;  they  are  not  covered  under  the  attached  Machine.  Service  activation  is  required  immediately  following  purchase.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at  the  dt-v  >f 
repair  center.  For  tailing  non-IBM  components,  customer  must  provide  replacement  part  unless  IBM  has  a  Technical  Support  Agreement  with  the  manufacturer.  Service  does  not  cover  accessories,  supply  items  and  certain  parts  such  as  batteries,  frames  and  covers.  Staruro 
shipping  included  when  you  order  online.  U.S.  only.  ,2With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for  pnotog-.:'  -  . 
typographic  errors  All  IBM  product  names  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus  Development  Corporation,  an  IBM  Company  1  i-e  i  ji 
Inside,  the  Intel  Inside  logo.  Celeron,  Intel  Centrino.  the  Intel  Centrino  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademark;  of  Mi-  --.■  - 
Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp.  All  rights  reserved. 
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AVAVA 

a  higher  plane 
of  communication 


AS  YOUR  COMMUNICATION  NETWORK  gets  more 

complicated  — dare  we  say,  converged?  —  you  need  to 

toughen  your  defense.  Meet  the  complete  security  solution 

from  Avaya.  Our  mantra:  the  pucks  stop  here.  Count  on 

Avaya  Security  Solutions  to  protect  your  entire  network, 

no  matter  where  you  are  on  the  path  to  IP  telephony.  We 

take  a  holistic  approach  to  security  with  the  multi-vendor 

expertise  of  Avaya  Global  Services.  Our  industry-certified 

consultants  methodically  assess  all  your  communication 

devices,  policies  and  vulnerabilities,  inside  and  out  (no 

— 

sneak  shots  around  the  post).  In  the  state  of  Avaya,  our 

services,  systems,  applications  and  products  assure  that 

your  converged  network  is  secure  by  design.  See  why  it’s 

no  contest  when  Avaya  security  is  minding  your  net  at 

avaya.com/secure.  Or  call  866-GO  AVAYA  today. 

IP  Telephony 

Contact  Centers 

Unified  Communication 

Services 

With  Avaya 


MINDING  YOUR  NET, 

your  voice,  data,  even  your  converged  network  can  be 

SAFE  AND  SECURE. 


